San Francisco Rail Agency Shuts Down Website After 2,400 Accounts Hacked

San Francisco Bay Area Rapid Transit shut down its MyBART site yesterday after a hacker obtained the contact information of at least 2,400 users, a move that the Internet group known as Anonymous said it orchestrated.

The information was mostly names, e-mail addresses and passwords, though the database also included addresses and phone numbers, BART said yesterday in a statement. Before it was closed, the MyBART site carried the Anonymous logo -- a white Guy Fawkes mask and swords in crossbones style -- and linked to Anonymous’s Twitter feed.

The attack followed BART’s move on Aug. 11 to temporarily restrict mobile-phone service on its train platforms in San Francisco, an effort to ward off a protest. The Electronic Frontier Foundation, an Internet civil liberties group, called the mobile-phone shutdown “a shameful attack on free speech.” Protesters had been targeting BART since the transit agency’s police killed a man at one of its stations in July.

BART said on Aug. 12 that it limited phone service because protest organizers threatened to “use mobile devices to coordinate their disruptive activities and communicate about the location and number of BART police. A civil disturbance during commute times at busy downtown San Francisco stations could lead to platform overcrowding and unsafe conditions for BART customers, employees and demonstrators.”

No Financial Data

The MyBART website, which provides discounts and event information to riders, is separate from BART’s main site. MyBART has 55,000 members in total, the transit agency said in its message to users. No financial information was stored in the MyBART database, BART said.

Separately, BART warned of another attempted protest later today. On a blog linked to Anonymous, the group said it would be holding a peaceful demonstration at BART’s Civic Center station in San Francisco at 5 p.m. local time. Protesters were urged to bring Guy Fawkes masks.

Anonymous, made up of hundreds of members in several countries, gained renown in December when it targeted EBay Inc. (EBAY)’s PayPal unit, Visa Inc. and other companies deemed hostile to WikiLeaks, an organization that posts secret documents on the Web. A spinoff group called Lulz Security later claimed credit for breaking into websites at Sony Corp., the U.S. Senate and the Central Intelligence Agency

Intruders in Sony’s PlayStation Network stole data on more than 100 million accounts in April, forcing the company to shutter the service for more than five weeks.

To contact the reporter on this story: Nick Turner in San Francisco at nturner7@bloomberg.net

To contact the editor responsible for this story: Tom Giles at tgiles5@bloomberg.net

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.