Uber Breached as Former Security Chief Goes …
Just over a decade ago, the idea of jumping into a random stranger’s car (who you found on the Internet) sounded like a major faux pas in personal security.
Now we use phrases like, “I’m hopping in my Uber,” and take interminable rides to the airport (and beyond) with complete internet strangers – and no one thinks twice. And now, Uber users face other (digital) security concerns.
But on Sept. 15, Uber faced another major data breach, which, according to the New York Times, has potentially left its user data out in the open once again. According to the report, an 18-year-old hacker sent a message over the company’s internal Slack channel, stating: “I announce I am a hacker and Uber has suffered a data breach.”
The young hacker said he did it because of Uber’s “weak security,” according to The Times. BleepingComputer gained access to screenshots and information indicating that the hacker accessed HackerOne vulnerability reports, the company’s internal systems, email dashboard and Slack server, as well as the company’s Amazon Web Services Console, VMware vSphere/ESXi virtual machines, and the Google Workspace admin dashboard.
Uber came out with a statement highlighting its assessment at the current point in the investigation. They shared:
“First and foremost, we’ve not seen that the attacker accessed the production (i.e. public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info, or trip history. We also encrypt credit card information and personal health data, offering a further layer of protection.”
For its part, Uber currently has 60 job openings in Security Engineering, in various locales across the world.
Regardless of the extent of the breach, this news likely shocks anyone who believes companies learn from their mistakes; Uber suffered a major security breach in 2016, in which a ransomware attack compromised the data of 57 million driver and rider accounts. That breach led to the company’s former security chief, Joe Sullivan, facing federal criminal charges over his handling of the matter.
When the two charges were filed in 2020, David Anderson, U.S. attorney for the Northern District of California, told NPR that Sullivan “is being charged with a corporate cover-up and Sullivan is being charged with the payment of hush money to conceal something that should have been revealed.”
Sullivan is currently on trial, where the company’s CEO lamented the fact that he was unaware that the company had paid a ransom – he had been told that it was part of a bug bounty, according to Courthouse News.