Lately, not a week goes by without news of a massive breach or data leak at a multi-billion-dollar company. This time it is Uber’s turn to appear in the headlines for all the wrong reasons. According to a statement released by their CEO, Uber paid $100,000 to hackers who got unauthorized access to confidential information of around 57 million customers and drivers, including driver’s licenses, addresses and phone numbers. Although this leak occurred in late 2016, Uber made it public just last week. This raises all kinds of questions about a company that was already in the limelight because of poor management in the past.
How it happened
According to the statement released to Bloomberg, attackers got access to publicly available source code on GitHub uploaded by two Uber software engineers. There, the attackers found login credentials for Uber’s Amazon AWS cloud storage servers, where the company's data is stored. From there, the attackers were able to access confidential information of over 57 million individuals.
Jeremy Grossman, Chief of Security Strategy at security firm SentinelOne, said, “This was not a sophisticated hack. Companies frequently accidentally keep credentials in source code that is uploaded to GitHub.”
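The kind of check that catches this before code is pushed can be small. The following is an added example, not code from Uber or from the original article: a scanner that flags AWS access key IDs and secret access keys in source text. The regular expressions, the entropy threshold and the sample file are assumptions made for illustration; the two key values are the placeholder credentials AWS uses in its own documentation.

```python
import math
import re
from collections import Counter

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) + 16 uppercase alphanumerics.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Secret keys are 40 base64-style characters. Only flag one when it is assigned
# to a credential-looking name, to limit false positives on hashes and IDs.
SECRET_ASSIGN = re.compile(
    r"(?i)\b[\w.-]*(?:secret|aws)[\w.-]*\s*[:=]\s*[\"']?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def redact(value):
    """Keep the first four characters so reports do not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan(text, min_entropy=3.5):
    """Return (line_no, kind, redacted_value) for each suspected AWS credential."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((no, "access_key_id", redact(m.group())))
        for m in SECRET_ASSIGN.finditer(line):
            # Low-entropy values (e.g. "xxxx..." placeholders) are skipped.
            if entropy(m.group(1)) >= min_entropy:
                findings.append((no, "secret_access_key", redact(m.group(1))))
    return findings

# Constructed sample file; the key values are AWS documentation placeholders.
SAMPLE = '''\
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
aws_secret_access_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
checksum = "da39a3ee5e6b4b0d3255bfef95601890afd80709"
'''

if __name__ == "__main__":
    for no, kind, value in scan(SAMPLE):
        print(f"line {no}: {kind} {value}")
```

Run against staged files in a pre-commit hook or in CI, a non-empty result should block the commit; any key that has already reached a repository should be rotated, not just deleted from the code.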
How big is it
While it does not compare to the other massive data breaches of the past couple of years (like Yahoo or Equifax), the way this breach occurred is still alarming. It was the result of sheer negligence on the part of the software engineers and the code review process.
What it means to me as a rider
Uber says that since the breach did not disclose any credit card information, riders are not at risk of fraudulent transactions. But their email addresses, names and phone numbers were exposed, and there is a huge market for these on the Dark Web. Customers could get an increased number of spam calls, phishing emails and threatening messages asking them for money. In addition to raising panic among people, it instills a feeling of resentment in the public, as the company did not comply with cybercrime disclosure laws in the US.
What it means to me as a driver
If you are a driver with Uber, things are worse for you. Since your personal information was leaked to the hackers, there is a higher possibility of them being able to point out who “you” are, especially if your driver’s license number was made public. If you are a driver, Uber says they will reach out to you and provide free credit monitoring and identity theft protection.
Despite all that, Uber has diluted a feeling of mutual trust that it needs to win back. Earlier this year, they were in the spotlight for all the wrong reasons because of multiple lawsuits related to sexual harassment and worker rights. In addition to that, they are in the middle of another copyright infringement lawsuit against Waymo, Google’s self-driving car division.
With this kind of bad publicity, the company regarded as the world’s most valued start-up will really need to come clean (and quickly!) in order to get ahead of the competition and, most importantly, make its customers feel safe again.