Uber Account Hacked and Data Breach Cover-Up Raises Concerns
TL;DR: Alex Bloomberg's Uber account was hacked and charged for rides in Russia, leading to suspicions of a data breach. Uber's response to the incident, including a cover-up of a previous data breach and failure to notify affected users, has raised concerns about the company's transparency and accountability.
Timestamped Summary
00:00
Alex Bloomberg's Uber account was hacked and he received notifications in Russian, leading him to discover that his account had been charged for rides in Russia and that Uber was treating him as a new user with no record of his previous account.
04:52
Alex tried emailing Uber multiple times but kept receiving the same form-letter response. He then called a number he found in the Uber app and spoke to a helpful lady who couldn't find any record of his phone number or credit card and ultimately couldn't help him.
09:17
Stolen Uber accounts are being sold on the dark web for as little as four to seven dollars each, suggesting that Uber may have made a mistake rather than experiencing a data breach. Hackers are using a technique called credential stuffing, in which they gain access to accounts by reusing passwords from other breached websites.
13:56
Uber believes that not only was Alex's Uber account hacked, but his Gmail account was also hacked.
18:54
Alex's Uber and Gmail accounts were likely hacked, with the hacker accessing his email account first and deleting notifications before he saw them, and despite having two-step verification on his Gmail account, someone was still able to access it remotely.
23:57
The team tries to determine how the hackers were able to access Alex's Gmail account without him noticing, and they suspect that malware running in the background may have mimicked a legitimate user accessing Gmail.
29:51
The team discovers that the emails from Uber were never actually sent, suggesting that Uber may not be telling the truth about the situation.
35:09
The team discovers that Alex Bloomberg's Uber account was hacked because he used an old work email address and a password that was compromised in previous data breaches.
39:55
Uber covered up a data breach in which hackers stole user data and demanded a $100,000 ransom, but instead of reporting it to the police, Uber offered the hacker a reward through their bug bounty program.
44:34
Uber worked with a third-party company called HackerOne to offer the hacker a reward through their bug bounty program. The average bug bounty reward is between $500 and $540, but in this case the hacker was paid $100,000. To receive the payment, the hacker had to provide identifying information to HackerOne, which Uber also had access to. Uber conducted a forensic investigation on the hacker's computer to ensure the data was deleted, although they couldn't be certain whether the hacker had copied the information elsewhere.
49:14
Uber has been criticized for not being transparent about the hack and not notifying affected users to change their passwords, leading to a desire for accountability and an explanation from the company.