News that Uber was hacked should not really come as a surprise
Source: OAK Consulting for Digital Shadows , Author: James Chappell
Posted: Thu November 23, 2017 12:10 pm

UAE. Following the revelations that taxi app company suffered a data breach that has affected 57 million customers and drivers, James Chappell, CTO and Co-Founder, Digital Shadows, commented:

“News that the darling of the disruptive digital age, taxi app company Uber, was hacked in 2016 with statements confirming that 57 million customers and 600,000 drivers’ personal details were compromised and potentially stolen should not really come as a surprise.
 
While you could be surprised at such an effective architect of the digital world would not be fully prepared for such an event, it does show that even the most tech savvy businesses are open to the menace of data breaches and cyberattacks.
 
We don’t yet know the full picture of what happened at Uber, but their statement says that hackers accessed a ‘private’ area of GitHub, a Web-based data hosting service used by the app developers. That likely means one of two things. 
 
That the ‘private area’ should have been private, but was not for some reason
Or 
it could mean that ‘private area’ is behind the GitHub login pages and some sort of compromise of GitHub must have occurred, most likely by credential stuffing or keylogging.
 
But what is absolutely certain is that this sort of attack should have been spotted sooner and ideally before significant data had been extracted.  If basic login details were stolen, this is something Uber could have been monitoring for and prevented.  The storage of sensitive IT system logins should not have been in that website in the first place.   It appears in Uber’s case they found out about it when the hackers came asking for money to delete the stolen data - $100,000 (£75,000).

Of course, there is little honour amongst thieves and whether paying the ransom had the effect of deleting the data as expected, only time will tell. Security firms often advise not to pay ransoms, as organisations can make themselves a more attractive target should their willingness to pay emerge.
 
Visibility for a business’s digital risks – the shadow they leave on the Internet through their business activities across the surface, deep and dark web – is a critical way to monitor for digital risk and the ability to recognize and respond quickly when something is wrong.
 
Knowing you have a problem is the first step in dealing with it. Cyberattacks are an all too common reality for business today – especially for those at the frontline in the digital revolution. 
 
What is most concerning about this incident is the steps taken by Uber to notify people about the issue and describe what they have done to deal with it.  A long period has elapsed since they were aware.  

Again, we don’t know the full details from Uber, but it is beholden on all businesses who have suffered a data breach to notify their staff, customers, suppliers and in some cases the regulator their data might be exposed, and it doesn’t seem like this happened until now some months after the event.
 
Bottom-line, no matter what your business is like – in the vanguard of the digital revolution, or a more traditional one, you need to have the ability to monitor both your own use of digital technologies, and manage your digital footprint even and especially across third party sites like GitHub and others.

Knowing your digital risk exposure is the only way you can monitor your digital risk itself, and be on top of incidents like this quickly and efficiently.”

Photo Captions:
1. (above)  James Chappell, CTO and Co-Founder, Digital Shadows,
2. (inset)    For illustrative purposes only (File photo)

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: December 17, 2018
UAE. While e-commerce enjoys rapid growth, global attack trends indicate that the retail support sector continues to be a popular target for cybercriminals.
date:Posted: December 16, 2018
UAE. Is IoT compounding the problem?; Using a combination of AI and machine learning, IT staff can recognise, profile and connect every device accessing their network, giving each its own risk profile.
date:Posted: December 14, 2018
INTERNATIONAL. Saxo's team of expert analysts have formulated 10 Outrageous Predictions for the year ahead. Riding roughshod over the consensus, they look at some highly unlikely events that could have a tremendous market impact - if they come to fruition.
dhgate