Über breach – Über long time ago

 

By Martin Quinn (Principal Consultant) 2 March 2015

Many of us use the super convenient dial-a-hire car/rent-a-driver service freely available on our mobile phones. (It’s much easier to get an Über driver at 12pm on a Friday night than it is a taxi in some metro areas.)

For those of us that don’t know anything about Über, Über is a forerunner and poster boy for the sharing economy. It uses the collaborative consumption model, meaning it is based on sharing or pooling of resources for consumption by many (think of the old car pool but on a more individual scale).

Anyway, to use the Über service, you download the app, register your details and credit card information and you’re off to the races. The app allows the consumer to view any available “hire” cars within a 5-10km radius, book their ride and pay without using cash.

Über, being the flavour of the month, or rather the year (2014), has only just disclosed that it was breached last year, in May, and didn’t discover it for 4 months (September). 50,000 drivers’ details were exposed – drivers’ names and addresses and driver’s license details (so far this is all they have divulged as being breached). Über has been very quick to provide assurances that no customer data, usernames or passwords were accessed. For me though, this is a contradiction; Über drivers are as much customers as the consumers in my book. This was only disclosed on Friday, which raises the question, why so late in the game? Were drivers notified individually closer to the discovery date? And if they have this attitude towards their drivers, how does this differ for the consumers?

The company has indicated that they will provide a year of identity theft protection for those affected, but what does that mean? It seems like an empty promise and more like a PR exercise without having to deliver anything.

It’s not the first time Über has copped flak for lazy security and privacy though, and it makes me wonder, what more is needed? Will it take a breach that brings their business to its knees before they spend time and effort to become secure? I suppose time will tell.

A cavalier attitude that overrules security with convenience will unravel soon enough. Sound policies and processes are just good business, and greatly reduce the risk of exposure and security breaches; judging by this latest breach, it’s something that Über is not strictly following.

If you believe that your company is not addressing security or privacy in a way that protects your business, your customers and/or information that relates to either or both of them, contact Intact Security. We can perform a health check on your security or privacy, or, if you believe you have suffered a breach, Intact Security can perform digital forensics to determine how it happened and how to make sure it doesn’t happen again.

Contact Intact Security today for an obligation-free consultation. We help you protect your business and your customers.

Relax. Your security is Intact.

Author: Intact Security

Posted on by Martin Quinn in Security Blog