- From: Arshad Noor <arshad.noor@strongauth.com>
- Date: Tue, 21 Nov 2017 16:49:02 -0800
- To: "public-webauthn@w3.org" <public-webauthn@w3.org>
Received on Wednesday, 22 November 2017 00:49:28 UTC
WOW!!! This is what happens when sites claim they support FIDO but choose NOT to give users the option of registering with FIDO up-front and do not educate their users about FIDO on their sign-up/login pages. At the risk of sounding juvenile, I will point out that this was a preventable problem: https://github.com/w3c/webauthn/issues/503#issuecomment-313803807 Arshad Noor StrongAuth, Inc. On 11/21/2017 04:35 PM, Jake Kiser wrote: > https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data > > > Also note where the data was stored. … > > Here’s how the hack went down: Two attackers accessed a private GitHub > coding site used by Uber software engineers and then used login > credentials they obtained there to access data stored on an Amazon Web > Services account that handled computing tasks for the company. From > there, the hackers discovered an archive of rider and driver > information. Later, they emailed Uber asking for money, according to > the company. > --- > Jake Kiser
Received on Wednesday, 22 November 2017 00:49:28 UTC