Copenhagen might not be so bike-friendly after all

Cyclists in Copenhagen had to find other means of transportation over the weekend when a “primitive” cyber-attack caused a public rental system to shut down.

Users of the bike sharing platform Bycklen were not able to access 1,860 of the company’s vehicles when the intrusion on its operating system occurred at some point on the night of May 4.

The attack, which the company says likely came from an insider or former employee, also saw the deletion of Bycklen’s database – information such as users’ email addresses, phone numbers, and access PIN codes for the bicycles.

Bycklen confirmed on its website that it did not store any user payment card information.

It said: “In our databases we use ‘salted password hashing’, that is, all PINs are encrypted and cannot be read or recreated, neither by Bycyklen nor any other player.

“For security purposes, we encourage all our users to change their PIN as soon as possible.”

According to Bycklen’s Facebook page, the bikes affected, which did not include those in cities located outside of Denmark, had to be updated manually and began to operate by the evening of Sunday, May 6, with operations resuming as normal on Wednesday.

Data was fully restored through a secured backup.

The company said: “The manner in which the attack was performed is really primitive, but documents that it was done by a person with a high level of knowledge of the IT structure of our system, and at the same time we can see that the person/persons have entered a password.”

Bycklen added that it would be following up with police on Monday and apologized for the inconvenience to its users.

The company maintained that the incident was directed at them and not its users, unlike previous incidents taken against bike-sharing programs that have seen money stolen or personal information easily exposed due to security flaws in the platform’s app.

The Daily Swig has reached out to Bycklen for comment.