TAMPA, Fla. (WFLA) — One of the largest parking apps in the country, with more than 20 millions users, is warning users their app was hacked through third-party software.
The ParkMobile app allows users to pay for street, lot, or garage parking right from your phone using your credit card information and license plate number.
Now, the company is urging all users to change their passwords immediately after a hack last month.
The company sent the following statement to users regarding the incident:
“In March, ParkMobile became aware of a cybersecurity incident linked to a vulnerability in a third-party software which we use. In response, we immediately launched an investigation with the assistance of a leading cybersecurity firm to address the incident. We quickly eliminated the third-party vulnerability, and we continue to maintain our security and monitor our systems.
Out of an abundance of caution, we also notified the appropriate law enforcement authorities.
We recently concluded our investigation and are now updating our users of the findings. Below are the key points about the incident.
The investigation confirmed that no credit card information was accessed. No data related to a user’s parking transaction history was accessed. Only basic user information was accessed. This includes license plate numbers, as well as email addresses, phone numbers, and vehicle nicknames, if provided by the user.
In a small percentage of cases, mailing addresses were also affected.
Encrypted passwords were accessed, but not the encryption keys required to read them. We protect user passwords by encrypting them with advanced hashing and salting technologies.
We do not collect Social Security numbers, driver’s license numbers, or dates of birth.
We take extensive measures to protect user passwords. However, as an added precaution, users can change their password in the “Settings” section of the ParkMobile app or on the web by clicking this link. We recommend always using unique passwords for different online accounts.
As the largest parking app in the U.S., the trust of our users is our top priority. Please rest assured we take seriously our responsibility to safeguard the security of our users’ information.”
8 On Your Side spoke with a cybersecurity expert about what users should do to protect themselves when using apps.
“Any type of hack or venerability like this is alarming. Now, the good news is that this company ParkMobile actually had encrypted the passwords,” said Tony Urbanovich, the chief technology officer with Cyber Florida. “Consider what information with these apps you need to put in to actually use it, and I would always give them the minimum amount of information that’s required.”
Because the company is recommending that users change their password, Urbanovich said users should do the same for any other apps that have the same password.
“A lot of people use the same password over and over again. So, you should also think about what other applications you’re using this password on and change those also because there’s a ripple effect, especially in this case 21 million records plus are being sold on the dark web.”
Urbanovich also encourages people to use two-factor authentication to make logging in more secure.