In support of anti-police protests in San Francisco, Anonymous has leaked the personal data of BART customers
Hacktivist group Anonymous on Sunday published the personal information of thousands of customers of San Francisco’s Bay Area Rapid Transit (BART) rail system, obtained from the third-party website myBART.org.
The hack was in response to BART’s shutdown of mobile phone service in parts of San Francisco last Thursday during a protest aimed at police.
Anonymous published the names and passwords of more than 2,000 users of the myBART notifications service, operated by an independent vendor. The data included many addresses and phone numbers as well.
“We are Anonymous, we are your citizens, we are the people, we do not tolerate oppression from any government agency,” Anonymous said in a statement. “BART has proved multiple times that they have no problem exploiting and abusing the people.”
The data was stored with “virtually no security”, according to Anonymous.
“Any 8-year-old with an Internet connection could have done what we did to find it. On top of that, none of the info, including the passwords, was encrypted,” the hackers stated.
BART said it had disabled mobile phone service during the Thursday protest in order to protect train riders. The organisation said it would not rule out using a similar tactic to disrupt a planned protest on Monday at 5 p.m. PST at BART’s Civic Centre station.
“We’re going to take steps to make sure our customers are safe,” a BART spokesman told the San Francisco Chronicle. “The interruption of cell phone service was done Thursday to prevent what could have been a dangerous situation. It’s one of the tactics we have at our disposal. We may use it; we may not.”
A protest was planned on Thursday following the fatal shooting of a man by San Francisco police on 3 July. That protest failed to materialise, possibly in part because BART shut down mobile phone service in four stations. An earlier protest in July had disrupted BART service.
Anonymous’ recent targets have included the FBI and other security groups.
The group dumped 90,000 passwords belonging to military personnel from consulting firm Booz Allen Hamilton, exposed sensitive information belonging to employees of agricultural chemical and biotechnology company Monsanto and stole more than 8GB of internal data from Italy’s cyber-crime police unit.
Before it disbanded, LulzSec lifted and published internal documents obtained during its attack on the Arizona Department of Public Safety, breached two websites belonging to FBI partners InfraGard Atlanta and InfraGard Connecticut, and broke into surveillance company Unveillance chief executive’s personal email account.