Obike becomes latest victim of global data breach

The breach into users of the bike sharer lasted at least two weeks, affecting users around the world.

Zoey Chong Reporter
Zoey is CNET's Asia News Reporter based in Singapore. She prefers variety to monotony and owns an Android mobile device, a Windows PC and Apple's MacBook Pro all at the same time. Outside of the office, she can be found binging on Korean variety shows, if not chilling out with a book at a café recommended by a friend.
Zoey Chong
2 min read

I rode Obike a few times for a story. Here's hoping my data hasn't been leaked.

Aloysius Low/CNET

Are you riding one of those yellow bikes on the streets of Singapore, Sydney or London? Some of your personal information may have been accessed.

Obike suffered a global security breach that lasted at least two weeks, Bavarian Radio reported. User information including names, contacts, profile photos and location was leaked and made accessible online.

The specific time of the breach is unknown, although security experts in Taiwan said they discovered the leak in June, but got no response from Obike. It impacts people around the world, with the Singapore-based company having expanded to several cities in the Asia Pacific, Europe and UK.

"We were made aware of the issue, and worked quickly to resolve it immediately," an Obike spokesperson told CNET.  "This only affected a small handful of our users. The personal data that was exposed was limited to user names, email addresses and mobile numbers. The app does not store credit card details or passwords of users."

The security flaw "stemmed from a gap in our [application programming interface] that allowed users to refer a friend to our platform," the spokesperson said. That API has now been disabled, and extra security layers added on top. 

Obike is a bike-sharing platform that offers riders an afforable last-mile solution. It uses a dockless system, which means bikes can be picked up off the streets (download its app and scan the lock to use the bike) and left at any public bike-parking area. It's not the only bike-sharing service available; Chinese bike-sharing giants include Ofo and Mobike, whose combined value is estimated to cross $4 billion.

It comes a week after Uber made headlines for having paid hackers $100,000 to delete the information stolen from 57 million Uber drivers and riders globally last October. A 20-year-old Florida man is thought to have been behind Uber's hack, it was reported on Wednesday.

Watch this: Uber admits major data breach... 1 year late

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.

Batteries Not Included: The CNET team reminds us why tech is cool.