
In major goof, Uber stored sensitive database key on public GitHub page


 

Ride-sharing service subpoenas GitHub for IP addresses that accessed security key.

 

 

Welcome to Uber, where we store private keys on a server we don't even own, much less can control the security of. 

 

On one hand, I like what these guys have done to shake up the taxi industry and put the established players on their asses a little, but then they go on and do exceptionally silly nonsense like this. 

 

Uber. Get your shit together. For your sake as much as your consumers'.

 

 

Uber officials have yet to say precisely what information was contained in the two now-unavailable GitHub gists. But in a lawsuit filed Friday against the unknown John Doe intruders, Uber lawyers said the URLs contained a security key that allowed unauthorized access to the names and driver's license numbers of about 50,000 Uber drivers. The ride-sharing service disclosed the breach on Friday, more than two months after it was discovered.

 

"The contents of these internal database files are closely guarded by Uber," the complaint stated. "Accessing them from Uber’s protected computers requires a unique security key that is not intended to be available to anyone other than certain Uber employees, and no one outside of Uber is authorized to access the files. On or around May 12, 2014, from an IP address not associated with an Uber employee and otherwise unknown to Uber, John Doe I used the unique security key to download Uber database files containing confidential and proprietary information from Uber’s protected computers."

http://arstechnica.com/security/2015/03/in-major-goof-uber-stored-sensitive-database-key-on-public-github-page/

 


Just another reason why I think Uber is shit.


I wonder if Uber's IT department (if they even have an in-house one) even thought that was a bad idea to do.


Uber cheap; Uber stupid.

 

Uber rekt


I have never used Uber and now I definitely want to keep it that way.


It's amazing how they can screw up something this simple. I mean, seriously, it's 2015. You would think that the people running these companies would have at least a bit of knowledge on how to securely store data. Apparently not.


Just another reason why I think Uber is shit.

I guess you could say their.... UBER SHIT

Puns aside, why are they calling this a breach? It's not????
