TfL’s Oyster service for taking Tube taken offline after users are hacked

Travellers unable to check balance or top up their cards

Andrew Griffin
Thursday 08 August 2019 17:08 BST
Comments
A commuter swipes his Oyster card at a London Underground station
A commuter swipes his Oyster card at a London Underground station (Dan Kitwood/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Transport for London's online Oyster system has been taken offline after a number of its users were hacked.

The outage means that people are unable to check their balance or top up their cards through the website.

The Oyster system allows travellers to top up payment cards and then use them to get around London. The online service is a companion to that, letting people see how much money is left on the card, add more, and change various settings.

TfL says that it made the decision after it became clear that a number of customers had their login details compromised. The service was shut off to prevent them from being abused, it said.

But it also made clear that it did not think the passwords were leaked by TfL or its services. Instead, it suggested they had been stolen from another website and then were used to login to the Oyster service.

“We believe that a small number of customers have had their Oyster online account accessed after their login credentials were compromised when using non-TfL websites," a spokesperson told The Independent.

"No customer payment details have been accessed, but as a precautionary measure and to protect our customers’ data, we have temporarily suspended online contactless and Oyster accounts while we put additional security measures in place. We will contact those customers who we have identified as being affected and we encourage all customers not to use the same password for multiple sites.”

TfL said anyone who notices an issue with their Oyster account should get in touch over the phone.

Users should be able to use the Oyster app still, and top ups at ticket machines inside stations are still possible.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in