TFL website issues.

londonbridge

Member
Joined
30 Jun 2010
Messages
880
Not really sure where to post this so I'll start here but mods please move this to the buses forum if you deem it more appropriate.

Anyway, Tuesday night (August 6th) I caught a 157 bus, paying as usual by contactless, however on my journey/payment history it is showing as bus 390. Also TFL usually collect their money the day after travel, or at the most two days, but the £1.50 hasn't yet been debited and is still showing on my bank account as a pending transaction.

I went to report the issue on @MikeWh's Oyster site and found a comment from another user with the same problem in that they've had a 485 bus journey recorded as being bus 187.

Also when I went to log out of my TFL account it said 'just a minute, we need to check something', and made me complete a captchca puzzle before it would log me out.
 
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R

RailUK Forums

MikeWh

Established Member
Associate Staff
Senior Fares Advisor
Joined
15 Jun 2010
Messages
6,114
Location
Crayford
Well something is up. I'll try and make some enquiries.

The captcha is unlikely to be related. I get something odd occur when I don't log out and it automatically does it for me.
 

Be3G

Established Member
Joined
14 Sep 2012
Messages
1,592
Location
Chingford
There was a period of a couple of days earlier this week when the Oyster/contactless account part of TfL's website went offline completely to be replaced by a message about maintenance or something like that. During that time, it seems that the recording of journeys on contactless cards (I don't know about Oyster) was affected; I too see journeys which have been marked as the wrong bus route, and some journeys from that period regardless of mode took a while to appear on my account. Furthermore, no contactless payments were taken during those couple of days either.

Additionally, I'd never been presented with a captcha on TfL's site before this downtime; now I get one all the time when I try to log in. Interestingly too, the captcha page looks like it was hastily constructed (note the Times New Roman font)!

I have to say, the random timing of this (and the sudden insistence on captcha use) made me wonder if something serious was going on – some kind of hacking attempt or data breach that meant the account/processing servers had to be taken offline suddenly. I'd have thought genuine maintenance would take place over the weekend, yet everything was fine Sunday and Monday.
 

MikeWh

Established Member
Associate Staff
Senior Fares Advisor
Joined
15 Jun 2010
Messages
6,114
Location
Crayford
Additionally, I'd never been presented with a captcha on TfL's site before this downtime; now I get one all the time when I try to log in. Interestingly too, the captcha page looks like it was hastily constructed (note the Times New Roman font)!
Yes, that certainly seems to have been added without any testing. I mean, surely a tester would have queried why you need to fill in a captcha to logout!
 

mmh

Established Member
Joined
13 Aug 2016
Messages
2,420
Yes, that certainly seems to have been added without any testing. I mean, surely a tester would have queried why you need to fill in a captcha to logout!
Additionally, I'd never been presented with a captcha on TfL's site before this downtime; now I get one all the time when I try to log in. Interestingly too, the captcha page looks like it was hastily constructed (note the Times New Roman font)!

I have to say, the random timing of this (and the sudden insistence on captcha use) made me wonder if something serious was going on – some kind of hacking attempt or data breach that meant the account/processing servers had to be taken offline suddenly. I'd have thought genuine maintenance would take place over the weekend, yet everything was fine Sunday and Monday.
I suspect you're correct, and that hastily introduced captchas is probably a reaction to this:

https://www.bbc.co.uk/news/uk-england-london-49282429

Tube travellers have had their online payment accounts hacked, according to Transport for London (TfL).

Some 1,200 customers attempting to access their online Oyster card accounts have reported being denied access since Wednesday.

TfL said while no customer payment details had been breached it had "temporarily suspended" online contactless and Oyster accounts.

The transport body has six million online Oyster account holders.

A spokeswoman said the numbers compromised is believed to be small and an initial investigation indicated the Oyster online service had not been compromised.

"As a precautionary measure and to protect our customers' data, we have temporarily suspended online contactless and Oyster accounts while we put additional security measures in place."

TfL said it believed hackers accessed the accounts of Oyster customers via a third party breach; people who might have recycled their passwords and logins for other websites.

The technique is known as "credential stuffing" and was first reported by The Register.

"We encourage all customers not to use the same password for multiple sites," said TfL.

The London transport body said it would be contacting customers affected and had reported the incident to the National Cyber Security Centre and British Transport Police.
 

londonbridge

Member
Joined
30 Jun 2010
Messages
880
I've just checked and the bus journeys I made yesterday are showing as the correct route number. Re the captchcas, when logging on I enter my username and password, it then presents the captchca puzzle. After completeing it I then have to enter my username and password again before it will log me on.
 

MikeWh

Established Member
Associate Staff
Senior Fares Advisor
Joined
15 Jun 2010
Messages
6,114
Location
Crayford
I've just checked and the bus journeys I made yesterday are showing as the correct route number. Re the captchcas, when logging on I enter my username and password, it then presents the captchca puzzle. After completeing it I then have to enter my username and password again before it will log me on.
I thought that was just me going mad.
 

duncanp

Member
Joined
16 Aug 2012
Messages
940
Location
Birmingham/Smethwick
And other parts of the Tfl website appear to have been hacked as well.

I was looking for the bus spider maps in the Bexley area, according to TfL, places such as Crayford, Foots Cray and Sidcup don't exist any more.

Similarly when searching for bus spider maps:-

  • If you look at bus spider maps for the London Borough of Bromley, it includes Bromley by Bow and Devons Road in Newham
  • Farringdon Station and High Barnet Station do not exist any more.
  • Cheam Village does not exist, but Cheam does.
Or maybe this is just down to the usual standards of the TfL website (ie. pants)
 

island

Established Member
Joined
30 Dec 2010
Messages
10,797
Location
0036
I’m still running into the same issue today. Passing the ReCaptcha just leads to a blank page or logs me out.
 

Top