
This has been blown out of proportion.

- This is not Equifax, which leaked hundreds of millions of SSNs; or LinkedIn, which leaked hashed passwords of millions [1]; or Yahoo, which leaked personal information of billions, including security questions and hashed passwords [2]; or Target, which affected 40MM credit cards [3].

"Compromised data [..] included names, email addresses and phone numbers of 50 million Uber riders around the world, [..] including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken"

- There is no gross incompetence. The breach was due to an AWS access key in a private GitHub repo. I bet you can find enough developers in this forum who store sensitive information in private GitHub repos without git encryption, and who may or may not feel guilty, because of the (false) sense of safety given by 1) the guarantee of a GitHub private repo and 2) the fact that access keys can be revoked and are generally handled with less care.

- The response by the new CEO is decisive and timely. The CSO was fired on the same day the CEO learned about the incident. There is also an internal review, a new advisor, and reasonable protection offered to the drivers affected, even though there is no indication the data is leaked beyond the thief, and driver license numbers are not the best for identity theft.

[1] https://en.wikipedia.org/wiki/2012_LinkedIn_hack

[2] https://en.wikipedia.org/wiki/Yahoo!_data_breaches

[3] https://www.huffingtonpost.com/eric-dezenhall/a-look-back-at...


