Londonist are reporting that TfL have taken a ‘precautionary measure’ to protect Oyster and contactless online accounts from potential malicious use:
The transport giant has taken steps on Thursday afternoon (November 28) to protect all of its Oyster and contactless customers who use the London Underground by forcing everyone to reset their online passwords.
The news comes after TfL became aware in August 2019 that a small number of customers had their online accounts accessed maliciously.
…
TfL believes that this occurred after their login credentials were compromised when using non-TfL websites - commonly known as ‘credential stuffing’.
No customer payment details were accessed and all affected customers were contacted and informed about this at the time.
But TfL says it wants to reduce the risk of further incidents happening in the future so has taken this action as a precautionary measure.
…
While their account is locked, customers will still be able to travel on Tubes, buses and trains using their Oyster or contactless card, as well as top up their cards at a ticket machine or an Oyster ticket stop.
Notably I also had to prove I’m not a robot a few times before trying to log in.
I’m sure some #geeks may have something to add, but at least to me it doesn’t make exact sense to force all passwords to be reset for the reasons given; more likely they lost the database somehow, back before August I’d guess.