The Uber hack that stole the data of 57 million people!

23 Jan

If you’re wondering if it’s really that important to update your security and back up data, perhaps news of the Uber hack (and subsequent concealment for over a year) can spur you on to do so.

In November 2016, Uber experienced a massive hack which compromised the personal information of 57 million riders and drivers. While this is considered minor when compared to the hacks experienced by the likes of Yahoo and MySpace, it’s still major in terms of Uber’s client base, not to mention the fact that Uber has faced various privacy infringements and warnings in the past.

Where Uber Went Wrong

One of the biggest mistakes that Uber made when the attack hit was to conceal it. The company, which was contacted by the hackers, decided to pay over a sum of $100 000 to keep the hackers happy and to ensure that the public did not catch wind of the situation. And for a while it worked… until recently, that is.

Dara Khosrowshahi, the new chief executive officer since September 2017, claims that Uber will be changing the way it does business. That means being more transparent about breaches, ensuring that the correct steps are taken to safeguard against such incidents, and keeping people informed of when and how they happen.

Uber also failed to report the data breach and has admitted as much! Companies are required by law to alert people and government agencies when a data breach occurs.

This Isn’t A First For Uber

When Uber found out about the attack in November 2016, just after it happened, the company was still in the throes of settling a lawsuit with the New York Attorney General. The lawsuit was focused on data security disclosures, and the company was in serious negotiations with the Federal Trade Commission on how to handle consumer data. As it happens, the company also failed to disclose a data breach in 2014, for which it was fined $20 000.

How Was The Hack Uncovered?

The hack was quite simply uncovered by an outside law firm that was hired to investigate the activities of Joe Sullivan’s security team. Joe Sullivan was the security chief at the time of the incident. The investigation into the security team is what led to the discovery of the covered-up hack.

So, What Really Happened?

Two hackers set their sights on Uber in October / November 2016. Uber security received an email from the hackers demanding money for the safe return of their data. The hackers had gained unauthorised access to GitHub, which is used by Uber software engineers for coding purposes.

On GitHub they accessed the login credentials of the software engineering team, and with these they were able to access Amazon Web Services accounts where an archive of driver and rider information was stored.

How Uber Handled The Situation

According to Khosrowshahi, when the incident occurred, the company jumped into action and took immediate steps to secure data and systems. Khosrowshahi said in a statement: “we also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts”.

For the Uber drivers affected, the company is offering free credit protection monitoring and identity theft protection.

What We Can Learn From Uber’s Mistakes

This particular hack can provide many companies with a great deal of insight and guidance.

First and foremost, hackers shouldn’t be negotiated with. It’s imperative that companies ensure their security systems are advanced enough to deter the efforts of a hacker.

If a hack occurs, the affected individuals and the authorities must be notified promptly. This will give users the opportunity to change passwords and ensure that their financial accounts are safeguarded.

It is also important to back up data to a secure location where encryption ensures that no data is breached or accessed. At Soteria Cloud we can assist you with this.

Want to know more about the dangers of covering up a data breach? Get in touch with us at Soteria Cloud and chat with us further today.

