Login
“I’ll just Uber home.”
Who hails a taxi anymore? These days, city streets are full of double-parked sedans with their hazards on, looking for their charges. Uber is synonymous with ridesharing and has made it so far into our culture that it’s not just a company name but a verb.
Uber’s reputation has ebbed and flowed since its creation in 2009, and it’s taken another hit recently as more details are coming to light about a massive 2016 cybersecurity breach and the chief security officer’s attempts to cover it up.
In 2016, a ransomware group trawled the internet and gathered Uber’s credentials that opened the door into the company’s server database. The cybercriminals then stole the information of customers and drivers alike and held it for a $100,000 Bitcoin ransom. Joe Sullivan, Uber’s chief security officer at the time, paid the ransom and the criminal group agreed to delete the information they uncovered. While it’s not uncommon for large corporations to give in to cybercriminals and dole out huge ransom payments, Sullivan is facing potential jail time because he didn’t report the incident to the Federal Trade Commission. He was recently found guilty of wire fraud and concealing a felony from authorities.
Uber account holders had their personally identifiable information in nefarious hands without their knowledge. The cybercriminals allegedly downloaded the names, email addresses and phone numbers of 57 million Uber customers and drivers, plus the license plate numbers of 600,000 drivers.1
Organizations have a responsibility to their customers to report any cyberbreaches. With a full name, email address, and phone number, cybercriminals can inflict a lot of damage on an innocent person’s credit, steal money from online accounts, or invade someone’s digital privacy. Customers must act swiftly to put the proper safeguards in place, but they can’t do that if they don’t even know a breach has happened! The longer a cybercriminal has to poke and prod someone’s digital footprint, the more havoc they can wreak and profits they can gain.
Acting swiftly is key to keeping your personally identifiable information (PII) private after a breach, though there are a few measures you can take right now that could prevent your information from being compromised. Here’s what you can do before and after a breach.
One way to shrink your attack surface – or the number of possible entry points into your digital life – is to regularly vet your online accounts and apps. For example, when you’re cleaning your closet, it’s common to donate or trash any clothing you haven’t worn in a year. The same method works for your digital life. If you haven’t logged into a shopping site or mobile gaming app in over a year, it’s unlikely that you will use them anytime soon, so it’s time to say goodbye and delete it.
McAfee credit lock and security freeze are other preventive measures that can keep your credit safe in case your PII is ever compromised. These services make it easy to prevent one or all three major credit bureaus from accessing your credit. In turn, this prevents anyone other than you from opening a bank account, applying for a loan, or making a substantial purchase. If you’re not planning on needing a credit report, it’s a great practice to freeze your credit.
When you first hear of a company’s data leak with which you have an account, the first step you should take is to change your account password. Login and password combinations are often compromised in a data breach. Make sure your new password is strong and is not a duplicate of a password you use elsewhere.
Next, consider running a Personal Data Cleanup scan. Personal Data Cleanup checks risky data broker sites and alerts you if your information appears on any of them. From there, you can take steps to remove your information.
Finally, for the next few weeks, keep close tabs on your financial, online, and email accounts. Watch for suspicious activities like purchases you didn’t make, electronic receipts, notifications, or mailing lists that you didn’t sign up for. McAfee+ Ultimate can help you here with its identity monitoring and full-service Personal Data Cleanup. McAfee+ gives you a partner to alert you and help you recover if your digital privacy is compromised.
Protecting your identity and digital privacy is a two-way street. While identity and privacy protection tools go a long way, individuals also have a responsibility to remain vigilant and take quick action if they suspect their information is compromised. And the ultimate responsibility lies with companies to alert the authorities and their customers after a data leak and to take serious steps to shore up their security to make sure it never happens again.
1The Verge, “Former Uber security chief found guilty of covering up massive 2016 data breach”
The post 57 Million Users Compromised in Uber Leak: Protect Your Digital Privacy and Identity appeared first on McAfee Blog.
You may have spotted the news last week that U.S. federal prosecutors brought charges against the former chief security officer of Uber. At issue was a breach that occurred in 2016, where prosecutors allege that he covered up a $100,000 payoff to the hackers responsible for the attack. The specific charges are obstructing justice and concealing a felony for the alleged cover-up.
While the breach itself is relatively old news and the company has since paid a $148 million settlement along with an agreement to regular audits of its privacy and security systems, this is a reminder that breaches happen. What’s more, it may be some time before you become aware of them, even in instances when companies move quickly, transparently, and in your best interest.
According to research we recently published, nearly three-quarters of all breaches have required public disclosure or have affected financial results, up five points from 2015. Additionally, industry studies show that it can take roughly nine month on average to identify and contain a breach. Yes, that’s more than nine months, and a lot can happen to your credit in that timeframe. Thus the onus is on us to be vigilant about our own credit.
Here’s a quick list of things you can do right now to keep on top of your credit—and that you can do on an ongoing basis as well, because that’s what it takes to keep tabs on your personal info today.
Closely monitor your online accounts: Whether it’s your credit card statements, banking statements, or your individual accounts for services like Uber, review them closely. If you see any suspicious activity, notify the institution or service and put a freeze on your account(s) as needed. Even a small charge can indicate a bigger problem, as that means your information is out there in the wild and could be used for bigger purchases down the pike. In the event you feel your Uber account has been compromised, you can contact them via their “I think my Uber account has been hacked” page.
Update your settings: That includes your privacy settings in addition to changing your password. As far as passwords go, strong and layered passwords are best, and never reuse your credentials across different platforms. Plus, update your passwords on a regular basis. That’ll further protect your data. Using a password manager will help you keep on top of it all, while also storing your passwords securely.
Enable two-factor authentication: While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.
Check your credit: Depending on where you live, there are different credit reporting agencies that keep a centralized report of all your credit activities. For example, the major agencies in the U.S. are primarily Equifax, Experian, and TransUnion. Likewise in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. It’s a relatively quick process, and you might be surprised what you find—anywhere to incorrect address information to bills falsely associated with your name. Get your free credit report here from the U.S. Federal Trade Commission (FTC). Other nations provide similar services, such as the free credit reports for UK customers.
Freeze your credit: Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
Consider using identity theft protection: A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity in addition to the activities I’ve listed above. Additionally, you can use a comprehensive security solution such as McAfee Total Protection to help protect your devices and data from known vulnerabilities and emerging threats.
For all the technology we have at our fingertips, our best defense is our eyes. Keeping a lookout for fishy activity and following up with family members when unfamiliar charges show up on your accounts will help you keep your good name in good standing.
The thing is, we never know when the next data breach might hit and how long it may be until that information is discovered and finally disclosed to you. Staying on top of credit has always been important, but given all our apps, accounts, and overall exposure these days, it’s a must.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Uber Data Breach and How to Protect Your Info appeared first on McAfee Blog.
FreshRSS 