Blink Mobility

The California Office of the Attorney General reported a data breach involving Blink Mobility on January 11, 2024. The breach occurred on October 20, 2023, due to a vulnerability in a former vendor's MongoDB database, potentially exposing customer phone numbers, email addresses, encrypted passwords, account registration dates, device information, and details on subscription and rented vehicles.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-579251

TPRM report: https://www.rankiteo.com/company/eblink-io

"id": "ebl603072825",
"linkid": "eblink-io",
"type": "Vulnerability",
"date": "10/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Mobility',
                        'name': 'Blink Mobility',
                        'type': 'Company'}],
 'attack_vector': 'Vulnerability in MongoDB database',
 'data_breach': {'data_encryption': 'encrypted passwords',
                 'personally_identifiable_information': ['customer phone '
                                                         'numbers',
                                                         'email addresses'],
                 'type_of_data_compromised': ['customer phone numbers',
                                              'email addresses',
                                              'encrypted passwords',
                                              'account registration dates',
                                              'device information',
                                              'details on subscription and '
                                              'rented vehicles']},
 'date_detected': '2023-10-20',
 'date_publicly_disclosed': '2024-01-11',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Blink Mobility on January 11, 2024. The '
                'breach occurred on October 20, 2023, due to a vulnerability '
                "in a former vendor's MongoDB database, potentially exposing "
                'customer phone numbers, email addresses, encrypted passwords, '
                'account registration dates, device information, and details '
                'on subscription and rented vehicles.',
 'impact': {'data_compromised': ['customer phone numbers',
                                 'email addresses',
                                 'encrypted passwords',
                                 'account registration dates',
                                 'device information',
                                 'details on subscription and rented '
                                 'vehicles']},
 'references': [{'date_accessed': '2024-01-11',
                 'source': 'California Office of the Attorney General'}],
 'title': 'Blink Mobility Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'MongoDB database vulnerability'}

Blink Mobility

IDrive: IDrive for Windows Vulnerability Allows Privilege Escalation Attacks

Synology: Synology DiskStation Manager Vulnerability Puts Users at Risk of Remote Command Execution Attacks

Cisco: Cisco Secure Firewall Vulnerability Exposes Systems to Remote Code Execution by Attackers