Commentary from Sophos: Uber Breach Affects 57m Customers and Drivers
If you are writing a story on the news, below is expert commentary from Sophos Principal Research Scientist Chester Wisniewski, which you are welcome to include in your article:
“Uber’s breach demonstrates once again how developers need to take security seriously and never embed or deploy access tokens and keys in source code repositories. I would say it feels like I have watched this movie before, but usually organizations aren’t caught while actively involved in a cover-up. Putting the drama aside and the potential impacts from the upcoming GDPR enforcement, this is just another development team with poor security practices that has shared credentials. Sadly, this is common more often than not in agile development environments.”
For additional perspective, you may also use the quote below from James Lyne, Sophos cyber security advisor:
“Uber isn’t the only and won’t be the last company to hide a data breach or cyberattack. Not notifying consumers puts them at greater risk of being victimized with fraud. It’s for precisely this reason that many countries are driving to regulations with mandatory breach disclosure.”
For Uber customers and drivers, Sophos advises that they monitor their credit scores and keep their eyes peeled for additional information on what was stolen.
For additional tips and up-to-date information about the Uber breach, please refer to the Sophos Naked Security article “Uber suffered massive data breach, then paid hackers to keep quiet.”
Please let us know if you have any questions or would like an interview with one of our security specialists for further comment.