Data breaches and identity theft have unfortunately become an all too regular occurrence in our super-connected society. If you park at places like Madison Square Garden in New York City, Mercedes-Benz Superdome in New Orleans, or just street parking in Atlanta, Philadelphia, Washington, D.C., or many more cities, you’ve probably downloaded and used the ParkMobile app.
In a statement, the company says, “We become aware of a cybersecurity incident in March linked to a vulnerability in a third-party software that we use.” It goes on to say that the company quickly eliminated the vulnerability, began an investigation and notified law enforcement.
I changed my password with the quickness.
It’s unfortunate that most people don’t take the security of their apps and information as seriously as they should. If you use the same one or two passwords for multiple accounts, and if just one account is breached (which is very likely sooner or later), a criminal can try that username and password combination on thousands of websites in a matter of hours. Of course, that will include major banks, credit cards and more.
If you use the same password they get in the breach for your email, then you’re really in trouble. They can use the “forgot password” button to reset all of the rest of your accounts.
I always recommend using two-factor authorization whenever its available. In addition to your password, a criminal would need a verification code (which is sent to your phone) in order to log into your account. The really great thing about two-factor authentication is that if you receive a login verification text, then you will immediately know that someone has your password and is attempting to log in to your account. You can quickly change your password and notify the company if needed.
ParkMobile’s statement goes on to say, “The investigation confirmed that no credit card information was accessed. No data related to a user’s parking transaction history was accessed. Only basic user information was accessed. This includes license plate numbers, as well as email addresses, phone numbers, and vehicle nicknames, if provided by the user. In a small percentage of cases, mailing addresses were also affected. Encrypted passwords were accessed, but not the encryption keys required to read them. We protect user passwords by encrypting them with advanced hashing and salting technologies. We do not collect Social Security numbers, driver’s license numbers, or dates of birth.”
Please keep yourself safe in this connected world.
