Uber have found themselves in a bit of hot water recently. Putting aside the numerous court cases that Uber finds themselves facing around the world, the company now is apparently involved in a US Department of Justice investigation regarding their systems data breach back in May of 2014.
Along with a series of hacked passenger accounts appearing on the dark web Alpha Bay Market, it is debatable whether drivers’ and passengers data is really secure.
Do You Uber?
Uber are the tech-startup turned global taxi-industry killer. The launch in 2009 of an app to connect drivers with riders quickly turned the company into one of the most well know tech businesses in the world. Drivers are not company employees, and Uber merely facilitates a taxi experience through their GPS app.
What is the Alpha Bay Market?
One of the dark web’s foremost marketplaces, the Alpha Bay Market rose from the ashes of the Evolution market in late 2014. Currently, estimates place the AlphaBay as the largest online market of its kind.
Only accessible via the Tor browser, AlphaBay offers both buyers and sellers anonymity, making it a place where shady dealings can go down. The Alpha Bay Market is well known in the underground community, and offers users various items for sale – including drugs, stolen credit card details, and hacked user accounts for various services like Netflix.
The Uber data breach was only uncovered in February 2015 after a thorough investigation by Uber, which identified a system security flaw in September 2014. After the security flaw was identified, Uber worked quickly to isolate the issue and close the off the access method that was used.
Uber staff discovered that a data breach had in fact occurred – on May 13, 2014, when there was a one-time access by unauthorized parties to the Uber driver databases. The database was accessed by persons unknown and the breach spilled the data of about 50,000 of Uber’s drivers, with almost half of them Californian.
The spill meant the intruder gained access to driver’s names and license plate numbers. Uber immediately offered drivers involved a free one-year membership to an identity protection program, designed to eliminate fraud.
The Alpha Bay Market Angle
At a similar time to Uber’s disclosure of the data breach, it was discovered that at least two people were on the dark web Alpha Bay Market hawking Uber accounts.
The Uber accounts on the Alpha Bay Market were selling for around $5 USD in March, allowing buyers access to a hacked passenger account. The accounts tumbled to as little as $0.40 USD in August following AlphaBay sales, and customers appear to be satisfied with the results.
How did these Alpha Bay Market sellers gain access to users’ accounts? We don’t yet have all the answers.
Users on AlphaBay appear to still be selling Uber accounts.
Why is the Department of Justice involved?
After the news broke of the data breach in February of 2015, sources appeared to link a mysterious Comcast IP address involved in the access to none other than Chris Lambert.
Chris Lambert is the Chief Technology Officer at Uber’s rival company, Lyft. The implications in this apparent identification are wide-ranging. Is hacking the competition a clever business move, or is it likely to wind you up in jail?
Now there comes news that the US Department of Justice may have become involved in the investigation. Following Uber’s internal enquiry into the matter it is feared that criminal activity has occurred.
Inquiries into the reports have yielded no results as yet. Lyft remains mum on the situation, only saying that they are sure that their Chief Technology Officer’s name will be cleared. The Department of Justice is yet to confirm or deny that a probe is currently taking place. Uber are refusing to comment on the current situation.
The Current Security Situation
The world’s data is now being stored online and across various companies and governments systems. The reality is that we really have no idea as to how secure each of our data is. Breaches like the Uber breach confirm that your details can be leaked anywhere, and at any time. The only solution is to demand that our data not be stored or at least purged regularly, and hold each company and government’s security practices up to a microscope.
With hacked data being obtained by the competition, or by nefarious means to be sold on AlphaBay, we need to be better informed to prevent identity theft.