Uber’s security breach teaches us many hidden things

By VARINDIA - 2022-09-18

The user of the smartphones has to be smart enough on how and what to see in the smartphone . If you are not smart enough, you may land up in a great disaster. Your entire earned amount can be taken out in few seconds. That’s one pretty big reason why the Uber security breach is such a big deal.

A 18 year old hacker has involved in mass-scale attacks to Uber. He successfully obtaining the employee’s account password, the hacker tricked the employee into approving a push notification for multifactor authentication. The intruder then uncovered administrative credentials that gave access to some of Uber’s crown-jewel network resources. Uber responded by shutting down parts of its internal network while it investigates the extent of the breach.

We put a lot of trust into companies with our data. Some security breaches can ruin lives if the data falls into the wrong hands, and if I had an Uber account that I had used more than once, I’d be worried about what information may now be out there on the internet. There’s no telling what was stolen, as treasure troves of data like that can be sold for a lot of money on the underground market. Even if your smartphone is secure with a password, you’re putting a lot of trust in your phone’s security systems.

Only recently was a vulnerability in the Titan M security chip (found in Google Pixel phones) fixed in an Android security patch update, and it allowed for escalation of privilege with “user interaction not needed for exploitation”. Researchers were then able to extract cryptographic keys that should never leave the device.

Uber's breach taught us to re-evaluate the companies that you trust. The screenshots provided evidence that the individual had access to assets, including Uber’s Amazon Web Services and G Suite accounts and code repositories.

In other words, Uber’s breach should be a call to re-evaluate the companies that you trust, and with what data. While we don’t fully know the scope of that breach just yet, it was only a matter of time before a company had a breach of this potential scale.

While companies are expected to follow best practices in storing user data (including hashing and salting user passwords, credit cards, and more), you’re putting a lot of trust in companies to have followed those best practices. Even if a company claims to have encrypted those passwords, that doesn’t mean you’re safe forever if that data leaks.

Uber had MFA, short for multifactor authentication, in place in the form of an app that prompts the employee to push a button on a smartphone when logging in. To bypass this protection, the hacker repeatedly entered the credentials into the real site. The employee, apparently confused or fatigued, eventually pushed the button. With that the attacker was in.

Name:
Email:
Comment:

INTERVIEWS

"Due to its commitment to an enhanced user experience, we see customers gravitating towards Lenovo"

Shreiya Commercial finds increased traction for asset recovery, security solutions, and remote management services

Evolution of Prime Distributors from a Box-seller to a solution provider

Backed by a 40-year-old legacy, Computacenter helps customers in their digital journey

With a motto of ‘Customer Satisfaction’, Direct IT Solutions offering customers with innovative Lenovo goods

Aruba aiding Ingram Micro with best-in-class digital products of the future to help organizations consolidate and simplify their network infrastructure

TOP VIDEOS

India to attract $100 billion in FDI this fiscal

CIO - SPEAK

Beauty & Beyond to hire interns to fill the talent gap

Tarun Bali Vice President - Information Technology, Beauty & Bey...

Harnessing STEM and boosting skills: ways to overcome talent crunch

Dr. S. K. Meher CIO, Department Of Computer Facility, AIIMS &nbsp...

Technology aids to business outcome and this led to an increase in skilled resources

Shweta Srivastava CTO, Paul Merchants Finance The shortage of...

Start-Up and Unicorn Ecosystem

Pure Storage advances its sustainability efforts, helping cu...

Amdocs announces 5G-native charging solution - Amdocs Chargi...

Unisys and 1E to expand digital employee experience leadersh...

Siemens announces its open digital business platform ‘Siemen...

Mindtree builds a digital command and control solution for L...

Dassault Systèmes to help Havells boost productivity of its...

UST and GGI to offer innovation in the green technology mark...

OPPO to contribute to the development of 3D graphics on mobi...

HCL Technologies and Intel set up CoE for DWP services

Searce sets-up its CoE and ‘Futurify Lab’ in Mumbai

SECURITY

71% of Cybersecurity Professionals Feel They’re Losing Ground Against Cybercriminals

Trellix released in it's global research revealing the cost of siloed security, weak s...

Kaspersky Industrial CyberSecurity suite offers EDR and risk & compliance assessment of OT

Kaspersky has introduced EDR and risk & compliance assessment capabilities in its Indu...

Trellix sets up Advanced Research Center to power global threat intelligence

Trellix has announced the establishment of the Trellix Advanced Research Center to advance...

SOFTWARE

Pega brings Customer Data Connectors for deeper, AI-powered data analysis and better customer outcomes

Pegasystems Inc. announced Customer Data Connectors that enable clients to easily connect...

Micro Focus announces availability of Enterprise Suite for application modernization on Google Cloud Marketplace

Micro Focus announced the availability of its Enterprise Suite for application modernizati...

Accenture to boost Cyient’s Digital Transformation Journey

Accenture is enabling Cyient to reinvent and enhance its business operations using digital...

START - UP

Soroco and Whatfix Announce Strategic Partnership

Soroco, the world’s first work graph company, today announced a strategic partnershi...

Gift Card pioneer Qwikcilver Solutions merges with Pine Labs

Leading merchant commerce omnichannel platform, Pine Labs today announced the completion o...

Volvo Financial Services Invests in Financial Literacy Programs for Youth through Partnership

Volvo Financial Services (VFS) announced that it is investing in the teaching of financial...

SOUTHERN INDIA INFORMATION TECHNOLOGY FAIR (SIITF) -2018
BANGALURU

STAR NITE AWARDS(SNA) - 2018
NEW DELHI

ODISHA INFORMATION TECHNOLOGY FAIR(OITF)-2019
BHUBANESWAR

WESTERN INDIA INFORMATION TECHNOLOGY FAIR(WIITF) - 2019
MUMBAI

PERIPHERALS

U&i brings Three Premium Wearables

U&i has launched three new wearables designed to help users stay fit and active while...

Taiwan Excellence brings a range of smart gaming gadgets to enhance gaming experiences

Taiwan Excellence (TE) has been offering uber cool, high-end and some of the most powerful...

Logitech unveils the G502 X gaming mouse in wired, wireless and PLUS versions

Logitech G has announced the G502 X, G502 X LIGHTSPEED and G502 X PLUS, the latest version...

ViewSonic unleashes VP2756-4K Pantone Validated ColorPro Monitor

ViewSonic Corp. announced a new addition to their latest Pantone Validated series - VP2756...

INDUSTRY EVENTS

DSCI’s National CoE and IIT Bombay host Cybersecurity R&D Roadshow 2022

National Cybersecurity Centre of Excellence (NCoE), a joint initiative of Data Security Co...

New draft of Data Protection Bill is being worked on to augment efficient usage knowing it would be used by the industry: Additional Secretary, Meity

Speaking at the CII International Technology Summit 2022 “Technology 4.0 Adoption, A...

20th edition VARINDIA INFOTECH FORUM: Remote Work and Digital Transformation to rule the roost

Manmohan Brahma, Manager - Solutions Architect, Amd India Mega Region. S. Mohini Ratna, Ed...

NVIDIA to host GTC conference

NVIDIA announced that it will host its next GTC conference virtually from September 19-22,...

E- COMMERCE

KDEM declares Partners in Progress for GCC Conference 2022 to reinforce its Spoke Shore Strategy for Karnataka

The Karnataka Digital Economy Mission (KDEM), in its effort to reinforce its commitment to...

NIXI announces nationwide campaign "Har Ghar Digital, Har Jeevan Digital" on 75th Independence Day

On India's 75th Independence Day, the National Internet Exchange of India (NIXI) annou...

PhonePe brings Smart Speaker for reliable and convenient payment tracking

PhonePe announced the launch of its Smart Speaker for reliable and convenient payment trac...

BIAL intros omnichannel payment solution in partnership with Kotak and Phi Commerce

With an aim to facilitate a seamless payment experience for customers, Bangalore Internati...

MOVERS & SHAKERS

G7 CR Technologies ropes in ex Microsoft executive Rajkumar Solomons as CEO for its Telecom Cloud Business in MEA Region

G7 CR Technologies announced the appointment of Rajkumar Solomons as its CEO to manage its...

Ecobillz onboards Neeraj Bidi as Head of Operations and Customer Success

Ecobillz has announced the appointment of Neeraj Bidi as Head of Operations and Customer S...

Tenable ropes in Patricia Grant as Chief Information Officer

Tenable announced that it has appointed Patricia Grant to Chief Information Officer (CIO)....

Veeam Appoints Rick Jackson as Chief Marketing Officer

Veeam® Software, the leader in backup, recovery and data management solutions that del...

CHANNEL - BUZZ

Synersoft Technologies, launches New Technology to save hardware and software costs for MSMEs

MSMEs are expected to invest in Information Security and Data Protection systems to meet t...

Beetel Teletech to manage circulation of Utimaco’s HSM platform in India

Beetel Teletech announced its new distribution partnership with Utimaco. The deal authoriz...

TechnoBind partners with FileWave to offer customer-driven Unified Endpoint Management Software

TechnoBind announces its collaboration with FileWave, a pioneer in multi-platform mobile d...

Hoonartek becomes a Snowflake Select Partner

Pune headquartered Hoonartek has announced its “Select” partner status with Sn...

The New Telecom Bill