HACKER Q&A
📣 zinekeller

Have you taken action regarding the Uber hack?


Either personal (like asking your bank to revoke all cards you used with Uber) or work-related (recheck your security posture so that you won't have an Uber-level catastrophe)?


👤 sentrysapper Accepted Answer ✓
HN thread on the latest Uber hack for those in need of context: https://news.ycombinator.com/item?id=32860728

👤 rdl
Going to wage jihad on everything less than FIDO2/WebAuthn in any org where I'm affiliated; previously people were pushing for using push-auth shit (e.g. Microsoft Authenticator) as an option.

Previous jihads against hardcoded credentials (use Vault or equivalent).

Next target after this will probably be Slack.


👤 lr1970
> [From the end of the article] Lawyers for Mr. Sullivan have argued that other employees were responsible for regulatory disclosures and said the company had scapegoated Mr. Sullivan.

Unless and until CEOs are held personally responsible for such security breaches there will be no solution to the problem. A Chief Security Officer job looks more and more like a designated scapegoat for hire.


👤 sixhobbits
I was dumb and they have details for two physical cards + a virtual card that I use in a few other places + my personal phone number that is still pretty hard to find + my personal email address as I used 'sign in with Google' when I recently set it up in a rush instead of my normal 'services/spam' email :(

So yeah not great, but also too much effort to pre-emptively revoke anything so I'll just hope that the fallout isn't too bad.


👤 rr808
So many leaks I've given up caring. Actually I haven't had any fraud for a few years now, it feels like getting better? I do rely on Amex now which seems much easier to cancel any transaction.

👤 traceroute66
Sitting here pleased I continually refused to open an Uber account or have anything to do with them.

👤 rat9988
No action. I'm rarely anxious so it doesn't bother me.

👤 Raed667
Not yet, I use a unique email and password for Uber.

It sucks for my phone number but it won't be the first hack/leak where it is shown next to my name.

Not sure about the scope of the hack so I won't be canceling my card yet.


👤 fishnchips
Yes, we are running a wargame at work trying to replicate this scenario in our setup.

👤 graderjs
The vibe I get is this is an internal compromise. Disgruntled employee, maybe looking for evidence of upcoming layoffs, doesn't find them, now makes it look like "a hacker".

👤 rroot
PCI standard requires them to report the incident. I think most card issuers would close the affected cards (my bank had done that a few times, rather annoyingly without telling!)

👤 Traubenfuchs
What harm can be done to me, as an Uber user that has their CC data in the Uber system, by this?

Is my credit card information compromised in a way that allows attackers to steal my money?


👤 xyst
I never drove for Uber nor worked as a corporate employee (no risk for SSN leak). Have only used them as a customer.

I only paid for their services using Apple Pay. Even if that number was compromised, the CVV would no longer be valid. I think most banks would automatically re-issue the account number (not the physical card number) if they detect fraudulent use.

The only time I saved a card to Uber was before the NFC era (pre-2015/2016). Those cards have long been removed from the account and have expired.

I am not too worried. Worst case scenario, they have my address and name. Which are both publicly available anyways.

Although maybe I shouldn’t be too complacent. If the data is sold, then it will make me more vulnerable to social engineering attacks. Albeit knowing Uber has been hacked I will be much more aware.


👤 ryankrage77
Went to try to delete my account, can't log in because SMS 2FA doesn't seem to be working.

👤 ThePowerOfFuet

👤 sp332
Yeah, I'm considering an audit for hard-coded passwords.

👤 iLoveOncall
Why are you assuming that any sensitive information about customers has been compromised? Uber is legally required to report to its users what is at risk of having been stolen, and so far they haven't said anything.

Canceling cards preemptively is a nuclear option.


👤 bloqs
Do we know if the details were stored in a format I need to worry about? If their protocols are in place, surely a breach is just high-level PII.

👤 champagnepapi
I just changed my password, and I had 2FA turned on already, that's about it... Any recommendations?

👤 michaelwww
I drove for Uber a couple of years ago. They have my DL and bank routing number. Should I be worried?

👤 derwiki
I filed a CCPA delete request for Uber a few months back—feeling good about that now!

👤 tomaszsobota
Well now that you mention it, I enabled 2FA :awkward:

👤 theginger
Is it likely to affect Uber Eats or are they completely separate?