BBC News

Oyster card accounts hacked, confirms Transport for London

Image caption: TfL has temporarily suspended its online Oyster accounts after a breach

Tube travellers have had their online payment accounts hacked, according to Transport for London (TfL).

Some 1,200 customers attempting to access their online Oyster card accounts have reported being denied access since Wednesday.

TfL said while no customer payment details had been breached it had "temporarily suspended" online contactless and Oyster accounts.

The transport body has six million online Oyster account holders.

A spokeswoman said the number of accounts compromised was believed to be small and an initial investigation indicated the Oyster online service had not been compromised.

"As a precautionary measure and to protect our customers' data, we have temporarily suspended online contactless and Oyster accounts while we put additional security measures in place."

TfL said it believed hackers accessed the accounts of Oyster customers via a third-party breach, affecting people who might have recycled their passwords and logins for other websites.

The technique is known as "credential stuffing" and was first reported by The Register.

"We encourage all customers not to use the same password for multiple sites," said TfL.

The London transport body said it would be contacting customers affected and had reported the incident to the National Cyber Security Centre and British Transport Police.

Image caption: TfL said it did not believe its online systems were to blame for the breach (image copyright: Nick Ansell/PA Wire)
