Act fast to protect yourself and your data from an Uber hack

Act fast to protect yourself and your data from an Uber hack

Consumers are urged to take action to protect themselves in the wake of a major hack of ride-hailing company Uber’s (Uber) Data systems, even if they only use the service once.

The hack is “enormous,” Chris Lyman, CEO of SafeGuard Cyber, a cybersecurity company based in Charlottesville, Virginia, told TheStreet. β€œCustomers are advised to monitor any card or financial account linked to their Uber app,” he said. β€œThere is a high probability that at least some customer data has been exposed.”

Lehman said the scale of the breach appears extensive since Uber’s cloud systems, security tools, internal databases, and even Slack were compromised.

The Uber app contains a lot of personal information like cell phone number, email address and credit card information, and the app itself has a GPS monitoring system. He said that this could pose a lot of risk to users if “this attack was carried out by a sophisticated hacking group”.

It is still unknown how many customers and Uber drivers have had their information exposed to hackers or when it will end up on the dark web.

How can consumers protect themselves

Daryl MacLeod, director of virtual information security at LARES Consulting, a Denver-based information security consultancy, told TheStreet that consumers who have used Uber even once risk having their personal information compromised.

Uber collects a lot of personal data, including a person’s travel history with home and work addresses.

β€œYou don’t want this data to fall into the wrong hands,” he said.

MacLeod said consumers should immediately enable two-factor authentication (2FA) and monitor credit card data and credit reports for any suspicious activity.

READ ALSO :   The share of the US dollar in global foreign exchange reserves increased in the second quarter; Euro share vouchers - IMF data

After a major hack occurs, consumers should always change their password immediately. If the password used for the Uber app is also reused elsewhere, it should be changed as well.

Using strong, unique passwords for all online accounts is one way consumers protect themselves, said Darren Guccione, CEO of Keeper Security, a Chicago-based cybersecurity software company Distrust and Lack of Knowledge.

“This will limit spam crawls if their information is stolen and published on the dark web,” he said. β€œA password manager is an important tool for generating high-strength random passwords for every website, app, and system. Dark Web Monitor will alert consumers if their data is available online, so they can take immediate action to protect themselves.”

Additionally, consumers should always choose to add a credit card to any online app or account rather than using a debit card.

β€œIf the debit card is stolen, the money is withdrawn from your account immediately and the consumer will have to fight to get their money back,” Lehman said. “With a credit card, you have the opportunity to challenge fraudulent charges without losing your money.”

It is the responsibility of companies to protect their network and data for these types of cyber attacks because consumers are at risk and do not have many preventive strategies.

β€œThe consumer has no control over their data once it is shared with the app,” he said.

Uber is doing the responsible thing

Uber has done the “responsible thing” by shutting down its Slack and working with law enforcement, Debrup Ghosh, senior product manager at Synopsys Software Integrity Group, a provider of integrated software solutions based in Mountain View, California, told TheStreet.

READ ALSO :   Elon Musk could lose a lot in three days

He said that while taking wise steps is a good idea, consumers “maybe they don’t need to panic and shut down their credit or debit cards just yet.”

Ghosh said payment gateways have fraud detection systems that “may be triggered automatically if an unauthorized purchase is detected by the systems of large credit card companies.”

He said many consumers use services from big tech companies like Amazon and Google, who all have access to personal data, consumer preferences and geo-location data such as home and work addresses.

“Examples like these illustrate the value of consumers demanding that major companies take data security seriously and act as model corporate citizens,” he said. β€œCompanies with a strong security culture will not only serve consumers better, but also protect and improve shareholder value in the long run.”

Attack details

Uber said the cyber attacker hacked into an employee’s account via Slack, a workplace messaging software tool.

The hacker used Slack to send a message to Uber employees about the data breach, an Uber spokesperson told the New York Times on September 15. The scammer also appears to have gained access to other internal systems because an explicit image on an employee’s inside information page was also posted, according to the report.

The company and researchers on the platform told the Wall Street Journal that the hacker, who was identified by Telegram, hacked access through an Uber account with HackerOne, a company that helps companies work with security researchers.

Researchers said the hacker had access to the administrative accounts that Uber uses to manage its technology systems, including Google’s cloud, Amazon Web services and VMware systems, according to the Wall Street Journal article.

READ ALSO :   Innovation, Technology and Celebrities: Grand StyleStore Opening Ceremony at Alto Rosario

The hacking incident against Uber is raising many questions about the security of consumer data. The company was the target of a cyber attacker in 2016 that exposed personal and financial information from 57 million of its customers and drivers.

Newsletter Updates

Enter your email address below to subscribe to our newsletter