Uber invested millions of dollars in security infrastructure designed to protect customer data, but in October 2016 they experienced a massive data security incident. Hackers stole personal information from 57 million user accounts, including email addresses, names, phone numbers and driver licenses. This is exactly the type of data hackers need to propagate financial fraud and damage the Uber brand.
The details of this case are fantastic. Hackers were paid a $100,000 ransom and asked to sign a nondisclosure agreement. Uber did not notify customers until a year after the incident. Hackers were expected to comply with the nondisclosure agreement and delete the data upon payment. Of course, there is no means to verify hacker compliance. This type of breach hits Uber at its core need for customer trust. Uber is now facing legal challenges and government probes due to this incident.
Uber responded out of fear and desperation, but massive breaches are becoming commonplace, with companies like Yahoo and Equifax suffering a similar fate. In these cases, we focus mostly on the quality of the response, but the impact is devastating even if the response is perfect. What should have been done to prevent these incidents? What is missing from security technology that causes a multibillion-dollar valued company to get hacked?
Uber data was stolen from a third-party server due to inappropriate access control. Like most companies, Uber invested in a modern centralized Identity Management solution. Unfortunately, hackers use state-of-the-art methods that operate well beyond modern centralized identity management solutions. Hackers know that enterprise systems are sprawling into many third-party cloud services. This complexity makes it easier to deploy successful attacks. What is the best protection for these situations? The solution is IdRamp Decentralized Identity Fabric.
IdRamp allows companies to control access across all third-party and internal systems from one tool. Centralized identity management systems are not sufficient due to the rapid distribution of user data across many locations. SaaS and cloud services complicate the situation by repeating data distribution and by diluting access control. IdRamp solves this problem by controlling access across all attack vectors. IdRamp optimizes existing Identity Management solutions with a decentralized control fabric that will prevent unauthorized access in all situations. To learn more about protecting your customers and data with Decentralized Identity control, please contact IdRamp.