The passwords and other personal information of 2,001 San Francisco commuters were exposed Sunday by the hacker group Anonymous.
The group, which has previously targeted PayPal and other financial companies, said it breached the security at myBART.org, a website run by an outside vendor for Bay Area Rapid Transit, the San Francisco Chronicle reported Monday. The agency's main website, bart.gov, was unaffected. The myBART website, which was offline Monday, publicizes contests, discounts and events.
Anonymous is typically labeled a 'hacktivist' group because it targets companies and government agencies in retaliation for some activity it deems to be unjust. Last week, BART shut down cell phone within the transit system to deter protestors from organizing, the article said.
"BART has proved multiple times that they have no problem exploiting and abusing the people," Anonymous wrote in an online post the Chronicle quoted. The hackers claimed that the myBART website used "virtually no security."
Users' passwords were not encrypted, the hackers said. "Any 8-year-old with an Internet connection could have done what we did," they wrote.
One of the people whose personal information was exposed, Marsha-Ann Sebay, told the Chronicle that Anonymous' attack hit the wrong target.
"If you have a problem with someone, you resolve it with that person," she told the paper. "You don't punish other people because you don't agree with someone."