Smartphones are the center of so much of our lives — and for good reason. Several studies have suggested that smartphones themselves are an extension of humans at this point, which is why privacy violations are so egregious. If you think about it, it makes sense. We send messages to our loved ones, plan our days, and interact with the real world using our smartphones as the primary means. This is one of the big reasons why the Uber security breach is such a big deal.
If you’ve ever used a ride-hailing service like Uber, step back and think about the type of data you entered into the app. You have certainly entered the addresses, and you may have entered your home address more than once. How did you pay? with your credit card? And you obviously had to link your phone number and email too, right? What about your full name? If any single piece of information is shared online, you should probably be fine. But all in one place at the same time? This is bad and is a recipe for identity theft, credit card fraud, or at worst, real-world repercussions such as stalking or assault. In 2017, the US credit bureau Equifax was hacked and offered settlement funds to affected users and free credit monitoring for life. As many as 147.9 million Americans were at risk of having their identities stolen, as information such as SSN, full names, dates of birth, and more were logged.
There can be repercussions in the real world such as stalking or assault
Currently, the scope of the security breach at Uber has not been confirmed. Reports indicate that the hacker gained access to nearly every sector within the company, including financial data, application source code, and databases containing user information. They are said to have recovered the keys to the castle, and a report from New York times Allegedly interviewing the hacker. kicker? According to that interview, the hacker is only 18 years old. There is clearly a world in which they may lie about their age (and other information in that interview as well) but there have been plenty of young people who have participated in large-scale attacks like this in the past.
We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post additional updates here as they become available.
– Uber Comms (@Uber_Comms) September 16, 2022
The data we share defines us
If someone steals and accesses your smartphone, they will likely find out everything about you. They will find out about your interests, habits, where you live and more, but that’s not all. They can discover all kinds of personal information, they can discover your health records, and they can probably stalk you based on your location history and the places you frequent if they want to. If you have a pet, your pet’s name should be located somewhere on your phone as well. One in three Americans, according to a research analyst auraAnd the Use their pet’s name as a password. If you are one person in three, that person who stole your phone may now be able to access your online accounts as well.
We put a lot of trust in companies with our data. Some security breaches can ruin lives if data falls into the wrong hands, and if I had an Uber account that I used more than once, I would be concerned about information that might now be available online. Nothing is stolen, as a treasure trove of data like this can be sold for a lot of money in the underground market. Even if your smartphone is secure with a password, you put a file Many of trust in your phone’s security systems. Only recently was a vulnerability in the Titan M security chip (found in Google Pixel phones) in an Android security patch update, and allowed privilege escalation with “user interaction not necessary for exploit”. The researchers were Capable of extracting encryption keys It should never leave the device.
The Uber breach should be an invitation to re-evaluate the companies you trust
In other words, the Uber breach should be a call to reassess which companies you trust, and what data is. While we don’t know the full scope of this breach yet, it was only a matter of time before the company breached this potential scope. While companies are expected to follow best practices in storing user data (including hashing and salting user passwords, credit cards, and more), you place a lot of trust in companies that follow best practices. Even if a company claims to have encrypted these passwords, that doesn’t mean you’re forever safe if that data leaks.
As an example, take Riot Games league of legends. In 2012, the company was hacked, with several PINs and “encrypted” passwords leaked online. In 2018, a subset of that data leaked online using plain-text passwords likely was cracked from “encrypted” passwords six years ago. Ten years is a long time and security standards have evolved since then, but the point is that you never know what happens to your data at any given time once it’s there.
If you have an Uber account, it is definitely worth keeping an eye on the news to see what data has been leaked, if any. Even if it turns out that nothing has been shared online, the company still confirms the breach and it’s troubling to think about what someone might have to gain access to your personal life.
[ad_2]
