Uber, the global transportation technology company headquartered in San Francisco, concealed a massive hack that exposed the data of 57 million users and drivers. If you used the service and had an account in October 2016, this breach could affect you. The firm paid hackers $100,000 to delete the data and keep the breach quiet. Chief Security Officer Joe Sullivan was fired for concealing the October 2016 breach. So, what happened, and what can we learn from this attack?
The company disclosed on Tuesday that a data breach occurred in October 2016, and reports are circulating that the company also hired a firm to cover up the attack instead of informing users and regulators.
How'd they get the data?
The hackers stole credentials for Amazon Web Services (AWS). Similar to the Deloitte email attacks, this was possible because login security and 2-factor authentication were absent.
Hackers stole personal data including names, email addresses and phone numbers, as well as the names and driver’s license numbers of about 600,000 drivers in the United States. The company said more sensitive information, such as location data, credit card numbers, bank account numbers, social security numbers, and birth dates, had not been compromised.
In his statement, the CEO said the company had “obtained assurances that the downloaded data had been destroyed” and improved its security, but that the company’s “failure to notify affected individuals or regulators” had prompted him to take several steps, including the departure of two of the employees responsible for the company’s 2016 response.
Under California state law, for example, companies are required to notify state residents of any breach of unencrypted personal information, and must inform the attorney general if more than 500 residents are affected by a single breach.
Given the public availability of cloud services, the IntelliGO MDR service always advises using 2-factor authentication and deploying logging agents to monitor systems for these types of breaches.