Editor's Pick

Uber Mistake: Data Stored on Public Github Servers

By on
[By Alexander Torrenegra from Secaucus, NJ (New York Metro), United States [CC BY 2.0], via Wikimedia Commons]

Have you ever had that moment when you stored your one password on a publicly accessible database?

That?s what exactly happened to Uber as it mistakenly placed its security key on publicly accessible Github. The Uber Taxi service admitted the misstep on Friday, although it has happened more than two months ago. That?s making it easy for hackers to get access to every license number and information about 50,000 Uber drivers, as per Arstechnica. The purpose for that, though, wasn?t disclosed, although it might be for use in pirating drivers away from the company, perhaps.

That?s why, as per this Info Security article, Uber subpoenaed Github after the leak was discovered. It wasn?t Github?s fault, perhaps, that the information was leaked, considering that it was Uber who?in the first place?stored the sensitive information into Github?s servers. That?s not to say, however, that Github responsibly took care of that information for Uber. Let?s take a look at the events as they unfolded.

?It was Github?s fault?

Rather than take the blame for the fault, Uber preferred to just pass the blame to others, or so looks like it.

Taxi services Uber, as per Info Security, subpoenaed Github after the identities of its drivers were compromised. There are 50,000 drivers working for Uber, and each of their credentials were at the mercy of hackers after a mishap placed the security key for Uber at the hands of public file storage Github. Basically, you wouldn?t put sensitive information in a place like Github, so what happened wasn?t at all clear.

Why the ?unique security key? is in Github in the first place is beyond me, but perhaps, Uber made the mishap?or someone inside Uber did. That someone?s fate is still up in the air, although it?s certain heads will roll after this mishap?it?s just unexpected that Github would be pointed at.

Uber owning up to its Mistake?

Uber, as of the moment, appears to be conducting a wild goose chase.

This after Ars Technica reported that they are currently looking to have Github disclose every IP address of every person who visited their webpage during the likely intrusion to Uber?s database. It?s a reaction to their mistakenly placing a sensitive security key inside Github, which in turn got compromised. Uber, however, is trying to control the damage, even as they are being criticized for their failure to keep private information private.

How Uber will control the damage is unknown. It?s pretty big, what happened to Uber, and if they plan to reassure people that their privacy is of utmost importance, they better start by regaining the information that they?ve lost to hackers.

An Easy Hacking

What happened to Uber could be a precedent for stricter Internet laws, but still, they should have paid more attention to keeping information private. Uber should have been more careful?and more secure?in keeping the information of their clients, considering the confidential nature of the information that they lost.

 

Photo Credit: Wikimedia Commons

About the author

To Top