UBER Found Out!

Abi Dakin – Cyber Assurance and Compliance – HCISPP

This week, Uber hit the press again after numerous controversial issues, including sexual harassment cases, privacy and safety concerns.  Now, a concealed hack, releasing both driver and customer details which occurred over 12 months ago has seen them once more in the spotlight.  600,000 employee details, including license numbers and 57million of Uber’s customers worldwide have had their data exposed by two malicious actors, who were reportedly paid $100,000 to delete the leaked data.

Where they face federal charges and fines in the USA, the UK’s Information commissioners office has stated that the way in which the hack was concealed “raises huge concerns around it’s data protection policies and ethics”.

As GDPR approaches, interested parties should note “deliberately concealing breaches from regulators and citizens could attract higher fines for companies”

The hack is understood to have been a case of stolen credentials. Uber Software developers were using the online, open source code store and collaboration tool “Github” where the hackers accessed the site and used the log-in details of employees to expose the data.

Certainly this could have been prevented by ensuring Work credentials are not used outside your corporate environment. Access control policies should include explicit instructions on storing and protecting credentials. By implementing 2 factor authentication (2FA) you vastly reduce the risk of unauthorised access to your environments.

Work credentials are the keys to your kingdom and should be duly protected.

Abi Dakin – Cyber Assurance and Compliance – HCISPP