Slashdot Mirror


Uber Discloses Database Breach, Targets GitHub With Subpoena

New submitter SwampApe tips news that Uber has revealed a database breach from 2014. The company says the database contained names and driver's license numbers of their drivers, about 50,000 of which were accessed by an unauthorized third party. As part of their investigation into who was behind the breach, Uber has filed a lawsuit which includes a subpoena request for GitHub. "Uber's security team knows the public IP address used by the database invader, and wants to link that number against the IP addresses and usernames of anyone who looked at the GitHub-hosted gist in question – ID 9556255 – which we note today no longer exists. It's possible the gist contained a leaked login key, or internal source code that contained a key that should not have been made public."


  1. Just a distraction from the real fail... by NimbleSquirrel · Score: 5, Interesting

    Any hacker with any decent opsec would not be showing their actual IP address. The subpoena request is just smoke and mirrors to hide Uber's own security fail. Even if GitHub were to hand over the data, they would likely find nothing useful. Uber know that GitHub will not hand over that data without a fight. I am willing to bet that Uber are going to start claiming that the hack isn't their fault because GitHub won't hand over the data. If Uber already know the public IP of the hacker, why do they need the info from GitHub to proceed? Meanwhile the actual security fail of Uber making their database access info publicly accessible gets overlooked.

    1. Re:Just a distraction from the real fail... by Anonymous Coward · Score: 3, Interesting

      Lots of companies employ junior devs they can push around.

      I'd bet my life that Uber has no opsec procedure at all for sharing keys on their dev team.

      The dev was an idiot, sure, but s/he probably thought a secret gist was "good enough". And now this kid is gonna be the fall guy/girl for a failure of technical and managerial leadership.

    2. Re:Just a distraction from the real fail... by Anonymous Coward · Score: 4, Interesting

      There's tons of very skilled and usually-careful criminals in prison.

      The above is complete bullshit.

      The prisons house people who were sloppy, stupid, and lazy.

      The smart criminals are in political office and on boards of corporations.

    3. Re:Just a distraction from the real fail... by Anonymous Coward · Score: 2, Interesting

      Any hacker worth their weight surfs hidden all the time just for the very reason you mentioned. Hackers leech git around the clock looking for keys and chances are that's how it was found. Even if they narrow it down it's going to be damn near impossible to prove.

  2. Slashdot layout by Anonymous Coward · Score: 2, Interesting

    Just got back from a two week vacation without internet so maybe I missed the memo... but what the FUCK happened to the slashdot layout? It's all jacked up and completely unusable... Is this the new beta bullshit?