The Singapore-based firm said it has since resolved the problem that stemmed from a gap in its application programming interface (API), after being made aware of it two weeks ago. It said only a handful of users were affected.
It added that credit card details and passwords of users were not compromised in the leak. However, unencrypted user data – such as names, telephone numbers and e-mail addresses of users – was accessible online before the breach was resolved.
oBike – which now operates in 14 countries after first rolling out its bikes here in January – is now reviewing the security functions of its app.
The news of oBike’s user data leak comes after it was revealed last month that in 2016, ride-hailing giant Uber had paid hackers US$100,000 (S$135,000) to cover up a data breach that exposed the personal details of 57 million passengers and drivers worldwide.
Observers The Straits Times spoke to said such leaks are becoming more common, and pointed to the need for both users and firms to better protect themselves from the threat of cyber attacks.
Related story: Bike-sharing firms face challenges to curb errant parking
Related story: Bike-sharing firm pedalling ahead despite challenges