Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

57M Uber data breach "utterly preventatable"


Centrify says the 57M Uber data breach was "utterly preventable"


Cybersecurity leader Centrify says the Uber data breach of 57 million customer and driver records - which the ride-hailing company hid for more than a year - was “utterly preventable”.

Media reports state that hackers last year stole the personal data of 57 million customers and drivers from Uber Technologies Inc, and that the company paid the hackers to delete the data and keep the data breach quiet.

“While the cover-up is making the headlines, this hack was utterly preventable,” said Centrify’s Senior Director, Products and Marketing, Corey Williams (pictured right).

“We know that the attackers accessed a GitHub coding site used by Uber software engineers, found a set of login credentials, and used those credentials to access the infrastructure account that handled computing tasks for the company. Within that infrastructure, the attackers discovered the archive of rider and driver information.

“Unfortunately, companies continue to rely on a system of trust: Trust that a simple username and password is enough to know who is accessing their network and systems; trust that perimeter security has eliminated all of the bad actors within the network; and trust that once on the network or system that the user should have access to any data or commands.

“While the Uber breach was large in terms of the 57 million customer and driver records lost, if the company had followed standard breach protocol by notifying authorities and impacted users, remediated the problem and laid out steps that they were taking to avoid future breaches, the impact would have been much less.

“History is replete with examples of individuals and organisations turning manageable problems into serious crises simply by trying to hide the truth. Uber was obliged to notify regulators and the impacted users and drivers. Instead, they took extreme measures to hide the hack, paying $100,000 to the hackers to remain quiet and actively took steps to keep the truth under wraps. ”

Mr Williams said the long-standing lesson was that a password was simply not enough for protection. “The time has come to no longer trust in too-easily stolen passwords for ensuring that users are who they say they are,” he said.

“Instead, now is the time to move to a zero-trust approach that only grants access to services based on what we know about the user and their device. A zero-trust stance that ensures all access to services must be authenticated, authorised and encrypted. Only then will these utterly preventable hacks start to subside.”

Centrify is a global security company that redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise. As the only industry recognised leader in both Privileged Identity Management and Identity-as-a-Service, Centrify provides a single platform to secure each user’s access to apps and infrastructure through the power of identity services. This is Next Dimension Security in the Age of Access. Centrify enables more than 5000 customers, including over half the Fortune 50 in the US, to defend their organisations. To learn more visitwww.centrify.com.

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 


Stats: Auckland’s Population Falls For The First Time
In the wake of the COVID-19 pandemic, New Zealand’s population growth slowed down with Auckland recording a population decline for the first time ever, Stats NZ said today. “New Zealand saw slowing population growth in all regions... More>>



BusinessNZ: Third Snapshot Report Reveals $9.5 Billion Business Investment In Climate Action

Signatories to the Climate Leaders Coalition have committed to invest $9.5 billion over the next five years to reduce emissions from their businesses, as revealed in their third anniversary snapshot report released today... More>>

Digitl: The home printer market is broken
Printers are more of a security blanket that a serious aid to productivity. Yet for many people they are not optional.
Even if you don’t feel the urge to squirt ink onto dead trees in order to express yourself, others will insist on printed documents... More>>


Retail NZ: Some Good News In COVID Announcements, But Firm Dates Needed

Retail NZ is welcoming news that the Government is increasing financial support for businesses in light of the ongoing COVID-19 lockdown, and that retail will be able to open at all stages of the new “Covid Protection Framework... More>>

ComCom: Companies In Hot Water For Selling Unsafe Hot Water Bottles And Toys

A wholesaler and a retailer have been fined a total of $140,000 under the Fair Trading Act for selling hot water bottles and toys that did not comply with mandatory safety requirements. Paramount Merchandise Company Limited (Paramount) was fined $104,000 after pleading guilty in the Manukau District Court... More>>



Reserve Bank: Robust Balance Sheets Yield Faster Economic Recovery

Stronger balance sheets for households, businesses, financial institutions and the government going into the pandemic contributed towards maintaining a sound financial system and yielding a faster economic recovery than following previous deep recessions... More>>