The breach into users of the bike sharer lasted at least two weeks, affecting users around the world.
Zoey is CNET's Asia News Reporter based in Singapore. She prefers variety to monotony and owns an Android mobile device, a Windows PC and Apple's MacBook Pro all at the same time. Outside of the office, she can be found binging on Korean variety shows, if not chilling out with a book at a café recommended by a friend.
Are you riding one of those yellow bikes on the streets of Singapore, Sydney or London? Some of your personal information may have been accessed.
Obike suffered a global security breach that lasted at least two weeks, Bavarian Radio reported. User information including names, contacts, profile photos and location was leaked and made accessible online.
The specific time of the breach is unknown, although security experts in Taiwan said they discovered the leak in June, but got no response from Obike. It impacts people around the world, with the Singapore-based company having expanded to several cities in the Asia Pacific, Europe and UK.
"We were made aware of the issue, and worked quickly to resolve it immediately," an Obike spokesperson told CNET. "This only affected a small handful of our users. The personal data that was exposed was limited to user names, email addresses and mobile numbers. The app does not store credit card details or passwords of users."
The security flaw "stemmed from a gap in our [application programming interface] that allowed users to refer a friend to our platform," the spokesperson said. That API has now been disabled, and extra security layers added on top.
Obike is a bike-sharing platform that offers riders an afforable last-mile solution. It uses a dockless system, which means bikes can be picked up off the streets (download its app and scan the lock to use the bike) and left at any public bike-parking area. It's not the only bike-sharing service available; Chinese bike-sharing giants include Ofo and Mobike, whose combined value is estimated to cross $4 billion.