Uber has revealed that it suffered a major data breach in 2016, that saw as many as 57 million user records, and 7 million diver records compromised.
It is understood that Uber developers mistakenly uploaded access credentials to the source repository GitHub, where hackers came across them.
These credentials gave access to Amazon’s S3 service where Uber had a significant hosting footprint, from which the hackers were able to access and extract the records.
Threatscape was invited to comment on the event: “Khosrowshahi is quick to point out that the incident ‘did not breach our corporate systems or infrastructure’ – but this is misleading as online companies rarely own the systems they use to store and process data, instead renting capacity from cloud providers such as Amazon, Microsoft and Google.”
For Irish Uber customers Dermot Williams advises: “Make sure you’re not using the same password for Uber as you’re using for other web sites or online services, and if you are you need to change these as a matter of urgency. Also while Uber do not believe customer credit card information was stolen, it always prudent to monitor your statements for any unauthorised transactions”.
Read the full article on Tech Central: HERE
You can also watch the interview on RTE TV news HERE (starts at 0:30)
And listen to the interview on RTE Radio One Drivetime / Business News at 01:12:50