Skip to Content
News

Thousands of L.A. Based Electric Car Share Users’ Personal Information Exposed in Data Leak

Blink Mobility, the company that manages the Blue LA electric car share program in partnership with the City of Los Angeles, first learned of the data leak on December 14, according to a notice from Blink Mobility that was reportedly sent to “impacted users" on January 5.

via Blink Mobility/X

More than 22,000 Blue LA users had their phone numbers, email addresses, encrypted passwords and other personal information exposed in a data leak last year, according to a report by Cybernews.

A spokesperson for the Los Angeles Department of Transportation (LADOT) confirmed the data leak. "LADOT was informed by the contractor of this issue," Colin Sweeney told L.A. TACO.

Blink Mobility, the company that manages the Blue LA electric car share program in partnership with the City of Los Angeles, first learned of the data leak on December 14, according to a notice from Blink Mobility that was reportedly sent to “impacted users" on January 5.

“On 12/14/2023, Blink Mobility received notice that a former vendor’s database had a vulnerability that may have comprised some customer data.” The database was part of a “legacy system” that had been replaced in August of 2023, the company said.

“We believe that the vulnerability may have comprised data that includes some customer’s phone numbers, email addresses, encrypted passwords, account registration dates, device info, device tokens, and details on subscription and rented vehicles.”

Blink Mobility advised customers to update passwords “on any applications that share the same password as the legacy Blink Mobility app,” even though the data that was exposed was encrypted.

Cybernews first reported on the data leak at the end of last year, after their research team discovered the exposed database through metadata that “was then indexed by search engines.” Their investigation revealed that more than 22,000 users were contained in the database.

Cybernews reported the leak to Blink Mobility the same day they discovered it. A couple of days later, the database was gone, Cybernews reported.

It is unclear if hackers accessed the data before it was taken down.

“Personally identifiable information from car renting companies is highly valued among black-hat hackers and is often sold in batches on cybercrime marketplaces on the dark web,” according to Cybernews.

“In the wrong hands, this data can be exploited for financial gain,” Cybernews researchers said. “Threat actors could potentially use the exposed information to track users’ movements, manipulate booking, and engage in fraudulent activities.”

Twenty-two days after first learning of the data leak, on January 5, Blink Mobility sent a “notice of data breach” to impacted users, according to Colin Sweeney, Director of Public Information for LADOT.

Sweeney did not confirm how many users were impacted by the leak when asked. 

Blink Mobility’s notice informed users of what happened, what information was potentially leaked as well as steps that users should take to protect themselves.

In a request for comment, L.A. TACO asked Blink Mobility why they didn’t immediately notify customers.

“Blink Mobility is committed to providing a secure environment for our customers,” the company’s notice reads. “Our new mobile app launched in August 2023, is fully built and maintained by us. Furthermore, we are expanding our cybersecurity auditing process for partners and third-party vendors.”

Blue LA, in partnership with LADOT, began service in 2018 and was briefly managed by a French company before Blink Mobility took over in late 2020. Through an app, Blue LA users can rent electric Chevy Bolts by the minute. Today there are roughly 40 Blue LA charging stations and 100 vehicles available.

If you’ve had issues with Blue LA, please contact our investigative reporter - LexisOlivier@Gmail.com.

Stay in touch

Sign up for our free newsletter

More from L.A. TACO

California Mandates Drug-Test Kits at Bars and Nightclubs Starting July 1st. Here’s What to Know

Roofies have been used as accomplices to sexual assault, human trafficking, theft, and other crimes. Bars and nightclub owners hope that providing drug-test kits for their drinks may help their customers feel safe and return more often despite a general dip in the consumption of alcohol in California.

June 21, 2024

‘Not Like Us:’ Kendrick Lamar Unifies Los Angeles In A One-Night-Only Juneteenth Concert, Placing West Coast Unity At the Forefront

“The Pop Out” wasn’t just a showcase of the breadth of talent and music that Los Angeles has to offer—it was a cultural renaissance, a presentation of art bursting with unity and West Coast pride. In a city with so much pain and suffering throughout history, “The Pop Out” showed that community is everything.

These Nayarit-Style, Ceviche-Stuffed ‘MarisCocos’ in Compton Taste Just As Good As They Do On the Beach

Each young coconut is macheted to order and imported from Colima. The tender meat is mixed in with the ceviche and its refreshing coconut water is served in a plastic bag. They are about the size of basketball and weigh five pounds—at least. It's officially summertime in Los Angeles!

June 20, 2024

Ten Architecture Gems to Visit in L.A.: If These Walls Could Talk

Did you know that one of the 11 world's most beautiful post offices in the world is located in Hollywood? And the "skinniest house" in the entire U.S. is located in Long Beach? Plus, Gargoyles. L.A. is for architecture lovers...if you know where to look.

How to Celebrate Juneteenth in Los Angeles

Los Angeles is the place to be this Juneteenth, with a wider variety of free and exciting ways to celebrate, there is something for everyone to attend or participate in.

See all posts