Nov 21 2017
Bloomberg and Reuters articles plus my comments
If you used Uber before this Oct 2016 breach, you may want to try to confirm what data was exposed and take appropriate steps if needed.
They are saying the attack included names, email addresses and phone numbers.
It is very concerning that the breach was not initially reported to regulators and users in the affected countries, as required. Their Chief Security Officer and another exec were fired after it was alleged they concealed the breach and paid off the hackers. Were they scapegoats paid off to take the fall? The trend in serious wrongdoing and investigations is there.
How can they be certain the stolen data was deleted? This is only encouraging more hacking.
British law carries a maximum penalty of 500,000 pounds ($662,000) for failing to notify users and regulators when data breaches occur, and many other countries have similar laws.
Is there a balance they can find where there is a deterrent without encouraging concealment?
The Uber breach, while large, is dwarfed by those at Yahoo, MySpace, Target Corp., Anthem Inc. and Equifax Inc.
The way this breach occurred should be a warning to companies, software developers and others involved.
Two hackers gained access to proprietary information stored on GitHub, a service that allows engineers to collaborate on developing software code. There, the two people stole Uber’s credentials for a separate cloud-services provider where they were able to download driver and rider data. A GitHub spokesperson said their security systems were not compromised.
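A defender-side check for the failure described above (cloud credentials sitting in a source repository), as an added example that is not taken from the articles, Uber or GitHub. The key-ID pattern, the variable-name list, the entropy threshold and the sample files are assumptions; the articles do not say what format the stolen credentials had.

```python
import math
import re

# Assumed patterns: one well-known cloud access-key-ID shape, plus quoted
# values assigned to names that look like secrets.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
ASSIGNMENT = re.compile(
    r"(?i)\b[\w.-]*(?:secret|token|passw(?:or)?d|api[_-]?key)[\w.-]*"
    r"\s*[:=]\s*['\"]([^'\"]{12,})['\"]"
)

def shannon_entropy(value):
    """Bits per character: random keys score high, words and placeholders low."""
    total = len(value)
    return -sum(
        value.count(c) / total * math.log2(value.count(c) / total)
        for c in set(value)
    )

def redact(value):
    """Keep four characters so a finding can be located without re-leaking it."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(path, text, min_entropy=3.5):
    """Return (path, line_no, rule, redacted_value) for each suspected credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in KEY_ID.finditer(line):
            findings.append((path, line_no, "access-key-id", redact(match.group(0))))
        for match in ASSIGNMENT.finditer(line):
            value = match.group(1)
            if shannon_entropy(value) >= min_entropy:  # skip "changeme"-style text
                findings.append((path, line_no, "high-entropy-secret", redact(value)))
    return findings

def scan_files(files):
    """Scan a {path: content} mapping, e.g. the files staged for a commit."""
    return [f for path in sorted(files) for f in scan_text(path, files[path])]

# Constructed sample input with non-functional placeholder values.
SAMPLE_FILES = {
    "deploy/settings.py": 'REGION = "us-east-1"\n'
                          'ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"\n'
                          'SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n',
    "README.md": 'Set api_key = "your-api-key-here" before running.\n',
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(*finding)
```

Run as a pre-commit or CI step, a non-empty result blocks the push; any credential that already reached a repository should be rotated, since removing it in a later commit leaves it in the history.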