The Hack that Compromised Uber’s U.S. Clients’ Database
Approximately 25m people whose data was compromised in a hack at Uber were residents of the United States, John Flynn, chief information security officer at Uber Technologies Inc., stated in written testimony submitted to a panel of the Senate Commerce Committee.
Among these victims, 4.1m were drivers, according to the testimony, which gave fresh information about the hack that prompted Dara Khosrowshahi, Uber's newly appointed Chief Executive Officer, to sack 2 senior security officials.
According to the company, it was another person, who partnered with the hacker and resided in Florida, who had actually acquired the data. The hacked data consisted of names, cell-phone numbers and e-mail IDs. Uber CEO's testimony was presented before an American subcommittee dealing with data security and consumer protection. Cp24.com posted this on February 6, 2018.
At first, the ride-hailing company categorized the breach as falling under its bug bounty scheme and therefore didn't tell regulators or the public about it. Flynn acknowledged in his testimony that the hack differed distinctly from a typical bug bounty case, because sensitive information was downloaded during the hack rather than Uber simply being alerted to the security flaw. Reports, which Flynn confirmed, indicated that Uber paid $100K to a particular hacker to destroy the captured information and to keep the breach from the public.
According to Chairman Jerry Moran, a Republican senator from Kansas, because it took Uber about a year to notify affected customers, the committee sees red flags regarding what systemic problems existed that kept such time-sensitive information from being made available to those who had become vulnerable.
A bug bounty scheme like the one Uber used to pay the hacker normally gives financial rewards to security researchers who detect security flaws for organizations.
Uber's security personnel communicated with both the hackers and security researchers, who gave assurances that the stolen database had been deleted. Reportedly, in December, the company carried out a forensic examination of the Florida-based PC used in the hack to substantiate the deletions. On February 6, Flynn stated that making the payment to the malicious hackers through the bug bounty scheme was improper.
» SPAMfighter News - 2/15/2018