May 2018 Transit Group Hack

The May 2018 transit group hack occurred on May 20, 2018 after a user was able to exploit into various groups' places and began releasing their maps on May 21, 2018. The suspected user, Acentrix was targeting large, prominent groups such as Tobes Transportation Authority, Toronto Transit Commission and the Massachusetts Bay Transit Authority among others. Being a YouTuber, he was heavily criticized for affecting the transit community and ruining it for others just to get views online. He also wanted to publicize an exploit of these groups. Further leaks happened from May 22, 2018 to May 27, 2018. Most of this activity happened on alternate accounts owned by Acentrix which he made intentionally to publish leaked items. Promoters, such as FreeTransitMaps, were accounts created by user Abubakkar1234567 after being disrespectful to members of the Canadian Public Transit Discussion Board (CPTDB) chat and "being banned from every transit group including MBTA, MiWay, TTC, TTA". Other users made accounts in order to leak more items from the affected groups.

Due to these events, a large portion of the active North American-based groups temporarily suspended operations or implemented tighter security measures. The "attack" was one of the largest to date that impacted the ROBLOX public transport community; most of the groups threatened were those that had accounts on social media.

Due to the various levels that groups were affected, it was a warning that exploiters, which had been barred by other communities that implemented security patches were moving to sectors which were less likely to have anti-exploit technology. To prevent further exploits, places that are not in use may be made private for security reasons by the game owner or group.

As of March 2020, some of the leaked places and models are still circulating as uncopylocked maps and are often unknowingly used by developers as templates.

Groups Affected (May 20)
The following groups were known to be affected by the exploits:
 * Tobes Transportation Authority - Despite having its Sentinel map exploited, the group chose not to implement additional security measures. However, operators were asked to intentionally disable vehicles as the exploiter could return and they wanted to give a false impression. Following the attacks, operations were suspended as of 12:01 a.m. on May 22, 2018. Guests and passengers were also locked out of games as a security precaution. However, service has since resumed with the restrictions still imposed; today, all TTA places are group locked. Leaked versions of the Sentinel division can still be found.
 * ROBLOX Toronto Transit Commission - A few maps were exploited and operations were suspended to patch vulnerabilities. The group's Discord server temporarily required members to have a rank of bus operator and above; however, passengers were permitted to join runs after an unknown period of time.
 * In August 2019, Birchmount & Arrow Road divisions were exploited by another user, Abubakkar. The TTC on Roblox was unable to recover from this exploit, and closed for good a month later.
 * Massachusetts Bay Transit Authority - Operations were suspended following the attacks and the group made all of its games private until further notice. Operations have since resumed as normal, with all places group locked.
 * St. Catharines Transit Commission - All operations were immediately suspended and the group was placed on lockdown, meaning that it would not accept any new members. The group resumed operations in June 2018.

Groups Affected (after May 20)

 * Fairview Transit - All operations were immediately suspended and the group was placed on lockdown. However, Rory Division was inadvertently left active until May 24, 2018 and that place was stolen. Following this, the game was immediately made private. Due to this, transit service was left suspended and all of the maps were set to private access.
 * Isaac Transit Commission - Operations were immediately suspended and a map was made private after an exploit threat was discovered during a run at YRT Division on May 21, 2018. At the same time, one of the Acentrix's alternate accounts, Jake1629 was discovered in-game.
 * MiWay on ROBLOX - The group's division access was made "friends only", meaning that users who are not the creator's friends cannot access it. Scheduled training sessions for new hires taking place during the "hold and secure period" from May 21, 2018 need to be authorized and all sessions would have the server locked. Security has been enhanced at the group since then.
 * linkTO (Toronto Link) - The group's South Division (Port Lands) map was exploited- however the group was inactive at the time so no security measures were implemented. linkTO's service relaunch was never rescheduled due to the exploit and operations ended up ceasing due to inactivity.

Groups not affected

 * 10 Transit Commission - A lockdown was put into effect on May 20, 2018. The group remained inactive as 10littlejo, the owner was unable to operate the group prior to the events. However, 10TC has resumed operations as of August 2018.
 * Oak Transportation Operations - The group implemented lockdown status on May 26, 2018 and operations were immediately suspended. The group has never recovered from that status.