ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

CityBee Data Breach

citybee.lt
Limited exposure
Verified breach Passwords exposed
Accounts exposed 110,156
Breach date 05 Feb 2021
Added to tracker 17 Feb 2021
Data classes 4

What happened

In February 2021, the Lithuanian car-sharing service CityBee announced they'd suffered a data breach that exposed 110k customers' personal information. The breach exposed names, email addresses, government issued IDs and passwords stored as unsalted SHA-1 hashes.

Exposed data

Email addresses Government issued IDs Names Passwords

Recommended actions

  • Change your CityBee password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing CityBee — attackers weaponise breach data quickly.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP