Transport for London Oyster system pulled offline after miscreants enter customers’ accounts • DigitalMunition

Exclusive Transport for London's Oyster travel smartcard system has been accessed by miscreants using customer credentials, The Reg can reveal, as the transport authority keeps the website offline for a second day.

Some Oyster customers have had their accounts broken into, and the transport authority has blamed users who recycled their login creds with other websites.

A TfL spokesperson told us: "We believe that a small number of customers have had their Oyster online account accessed after their login credentials were compromised when using non-TfL websites. No customer payment details have been accessed, but as a precautionary measure and to protect our customers' data, we have temporarily closed online contactless and Oyster accounts while we put additional security measures in place."

In fiscal year 2018/19 nearly a billion rail, tram and bus journeys were made using Oyster cards, netting TfL a cool £2.3bn in revenue, according to its own statistics.

Over the past couple of days, increasing numbers of users noticed that they could not log in online and check their smartcards' balances or top them up with cash.

@TfL trying to report my Oyster card lost and the website keeps crashing. I can’t find a number to call either. Please advise?

— Christina x (@teehebron) August 7, 2019

@TfL your website is down I can’t update my payment card for oyster keep getting this scree. pic.twitter.com/MMvwkwJQP8

— kay (@kay66306272) August 7, 2019

In tweets from Londoners asking why they can't access their online accounts and do things like cancel standing orders or change card details, TfL repeatedly insisted that the problem was "performance issues impacting users".

Hi Dan, Oyster online is currently unavailable whilst we investigate performance issues impacting users. Our mobile app can still be used to make purchases and view payment and journey history etc. Sorry about the inconvenience caused, Tariq

— Transport for London (@TfL) August 7, 2019

TfL's response to the attack on the accounts included taking down staff access to Oyster systems as well, though Londoners using ticket machines to top up at stations seem unaffected so far.

Hi Mark. Im not struggling with the contact Us page. I actually called and spoke to a lady. She said that the system is down internally too so she couldn't cancel my card either. I want to know when the system itself will no longer be under maintenance.

— Elise Maile (@e_maile) August 8, 2019

It's not just Oyster Online that isn't working though. I called earlier only to be told the systems were down. So it's all of oyster servicing not just online. Really annoying as I need to report my Oyster card lost and transfer my credit etc.

— Dean Sharpe (@deanj89) August 7, 2019

TfL also told us: "We will contact those customers who we have identified as being affected and we encourage all customers not to use the same password for multiple sites.”

The transport authority did not say how many users had been affected. ®

Sponsored:
MCubed - The ML, AI and Analytics conference from DigitalMunition.

Comments are closed.