Uber revealed an year old massive data breach

Nowadays, Cyber-attacks have become a common phenomenon of our daily life. From individual user to business tycoons & tech giants, all are threatened and affected by these cyber-attacks. Last month, on 21st November 2017, we all came across the horrifying news of Uber’s disclosure over massive data breach, occurred last year. As acknowledged by the Uber’s CEO Dara Khosrowshahi in his blog, personal & limited information of around 57 million Uber customers and 6,00,000 drivers were stolen and compromised. However, he also assured that none of the financial data of users like bank account details, credit/debit card details, including trip location history and social security number were accessed and downloaded by the attackers. Hackers managed to steal limited details like names, e-mail ID and phone numbers, only.

Further, Dara Khosrowshahi disclosed the involvement of two hackers (outside the organization) behind the stealing of data from Uber’s then third-party server, namely Amazon Web Services cloud server, using stolen credentials.

It is, pertinent to mention that this massive data breach occurred last year, in the month of October, when Travis Kalanick, the then CEO of Uber was leading the company. Travis Kalanick, along with two other security personnel was cognizable of the data breaches, and managed to hide it during his tenure until the new CEO Dara Khosrowshahi takes over the position, and decided to reveal the truth.

This data breach could have been seen or termed as one of the cyber-attack incidents, but the incident turns out into a scandal, when it was revealed that the company paid an amount of $ 1 million as ransom to hackers to delete stolen records and dispose off the incident of data breach. Instead, informing their customers about the breach and directing them to reset or modify their credentials/passwords as soon as possible, the company decided to keep mum and preferred to conceal and cover the data breach incident by paying hackers.

Like Uber, Yahoo and some other reputed names have taken more than a year, to reveal the information/incidents of data breaches & thefts. It is, obvious that the revelation of such incidents may impact their market and global value, but fooling their users and playing with their customer’s belief & faith, is not at all acceptable.

 

In our earlier posts also, we consistently focused on improving password based authentication & security, and using 2FA as passwords are no more reliable & secure. If you are not secured with 2FA, then you could be the next target of hacker/attackers. Leveraging two-factor authentication may seems to be only best possible solution to get freed out from the worries & epidemic of these rising cyber-attacks and data thefts.

Possible Cyber Attacks That Harm Sensitive Online Data

With the constant rise of the internet, businesses in every domain are moving more and more data onto the World Wide Web. Now, it seems a tedious task for different organizations and government bodies to function without the internet. It (the internet) has made it much easier for the enterprises to share data and information with the users worldwide, and create their identity in today’s competitive market. But, data protection must be the top priority of the enterprises, as various types of cyberattacks are increasing continuously over the internet. More than thousands of people globally every day experience some form of security breach. Cyberattacks occur in many different forms. Cybercriminals develop, or use, the latest methods of attack that can bypass even a highly secure data and information available online. Reliable data protection is a must in the digital age.

Below are the possible cyberattacks that occur on the sensitive online data, and provide harm to it:

Botnets

A botnet is a network of systems combined with the purpose of remotely taking control and distributing malware. Botnets are controlled via C&C Servers (Command-and-Control Servers), and used by the cybercriminals on a large scale for several malicious activities such as stealing private information, exploiting online data and information, DDoS attacks, spam and phishing emails.

Man-In-The-Middle Attack

Man-in-the-middle attack is one of the cyberattacks where an attacker or hacker looks to interrupt as well as breach communications between two separate systems. It is considered a highly dangerous attack because the attacker secretly intercepts and transmits messages between two parties when they are under the belief that they are communicating directly with each other.

DoS (Denial-of-Service) Attack

A Denial-of-Service attack occurs on a network or server where an attacker attempts to prevent legitimate users from accessing information or services. In a typical DoS attack, an attacker attempts to disrupt the normal functioning of a website or the web service, and makes it difficult or impossible for the legitimate users to use the service. The attacker will overload a site’s server with requests above the capacity of the site, meaning that legitimate requests cannot be processed.

The examples of a DoS attack have been given below:

  • Inability to reach a website.
  • A higher than usual volume of spam email.
  • Disrupting service to a specific person or system.
  • Flooding a network with traffic to prevent legitimate traffic from flowing.
  • Preventing a person from accessing a service and disrupting the connection between two specific machines.
  • Degradation in network performance, especially when attempting to open files stored on the network or accessing websites.

Social Engineering

Social Engineering is the act of manipulating people, so that they give up confidential information. The main purpose of this cyberattack is to know secret data and information of the users. This information may include bank details, login credentials, etc.

Identity Theft

Identity theft is a type of cyberattack in which an attacker hacks your secret password, and log in to your valuable online account and data. To prevent this cyberattack, you can simply enable 2FA (Two Factor Authentication) security method on all your online accounts. This method is also referred to as Two Step Verification.

Phishing Attack

Phishing attack, one of the dangerous cyberattacks, is a form of fraud in which the attacker tries to seek information such as login credentials (usernames and passwords) and credit card details for malicious reasons, by masquerading as a reputable entity or person in email or other communication channels.

Hope, you have gone through all the above-listed possible cyberattacks. To better protect your valuable data, never disclose your secret login credentials with anyone.