Ride-sharing technology company Uber, concealed a hack that affected 57 million customers and drivers. The hack took place in 2016 and then-CEO Travis Kalanick reportedly was privy to the fact.
The hack was carried out by two perpetrators who were able to access a private GitHub coding site used by Uber software engineers. The hackers then accessed data stored on an Amazon Web Services account that handled computing tasks for the company. This, they were able to accomplish with login credentials they were able to obtain. These hackers then found an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company. The hackers were able to get 57 million names, email addresses and mobile phone numbers. The names and driver’s license numbers of around 600,000 drivers in the United States were also compromised.
What is coming out from many of the recent hacks is that the hacking happens in a chain of events. A person (mostly an employee of the company that gets hacked) also has accounts in other places that may not be so secure. The hacker picks up the login details, passwords and other credentials from those places and tries it out in the company account to get vital information. Hillary Clinton’s campaign hacking also happened that way where the hackers first got information from the gmail accounts which obviously were not so secure. The recent hacking at Onelogin had a similar Modus Operandi followed by the hackers.
This points at two things. First, it is the Management of Identity of the person that is more important than just securing his company account. Second, hackers attack the weakest link in the chain to get vital clues that are then used to attack important accounts. In any case it is important to secure the vital accounts thru MFA (Multi Factor Authentication) and strong Password Management.