A local TV station just called to ask our take on the Uber breach.
When they call, it’s a good cue to write something about the topic. It also means I must stop thinking about turkey, IPA and college football. Rivalry weekend is something to be cherished indeed.
What went wrong? A company that has danced around the law many times and thoroughly disrupted transportation continues to wreak havoc.
This time, it is alleged that 57 million user accounts around the world were flat-out stolen. It was not a ransomware attack; this was straight up hacking.
A couple of criminals got into a collaborative coding website called GitHub; from there (possibly pretending to be legit coders) they were able to steal login credentials to an Amazon Web Services site where Uber private data was stored.
They copied it and reached out for payment.
Terms of the blackmail were $100,000; Uber paid the money, and the (allegedly stolen) data was deleted.
Unfortunately for Uber, they appear to have bypassed some laws. You know, those pesky regulations that require organizations to disclose info on breaches. The officers that handled the situation are now former employees, so it’s up to new leadership to clean up this dumpster fire.
Breaches happen, mistakes happen in all industries, but the critical step they missed — owning it — makes the situation unacceptable.
What does Uber Leadership have to say? According to Bloomberg: “None of this should have happened, and I will not make excuses for it,” said Dara Khosrowshahi, who took over as chief executive officer in September, in an emailed statement. “We are changing the way we do business.”
No online security could have stopped this from the driver’s perspective.
Complicated passwords, two-factor authentication, dedicated credit cards for online purchases, anti-virus, firewalls … nada. If a vendor is breached, regulatory guidelines are in place by the State and Federal Reserve to help protect data.
It would appear Uber flat-out ignored those.
Talk is cementing its reputation as rogue and outlaw; Uber is the 2017 version of the Waco Kid.
In this day and age, it is time to consider credit monitoring and identity theft monitoring as yet another level of required safeguards for one’s cybersecurity. The landscape is too vicious not to consider deploying every possible option out there. I use Uber all the time; as a client, I feel like my trust was abused, and their brand is tarnished.
However, they make it really easy to get from point A to point B, so they haven’t lost me yet.
Happy Thanksgiving to everyone out there, enjoy the time with your family, friends and football teams.
Blake Dowling is CEO of Aegis Business Technologies; he can be reached at firstname.lastname@example.org.