Re: If you were looking for another reason to boycott Uber ...

From: Arshad Noor <arshad.noor@strongauth.com>
Date: Tue, 21 Nov 2017 16:49:02 -0800
To: "public-webauthn@w3.org" <public-webauthn@w3.org>
Message-ID: <0510a899-f726-fdb4-6d7e-bdc3dd33ee7d@strongauth.com>

WOW!!!

This is what happens when sites claim they support FIDO but choose NOT 
to give users the option of registering with FIDO up-front and do not 
educate their users about FIDO on their sign-up/login pages.

At the risk of sounding juvenile, I will point out that this was a 
preventable problem: 
https://github.com/w3c/webauthn/issues/503#issuecomment-313803807

Arshad Noor
StrongAuth, Inc.


On 11/21/2017 04:35 PM, Jake Kiser wrote:
> https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data 
>
>
> Also note where the data was stored. …
>
> Here’s how the hack went down: Two attackers accessed a private GitHub 
> coding site used by Uber software engineers and then used login 
> credentials they obtained there to access data stored on an Amazon Web 
> Services account that handled computing tasks for the company. From 
> there, the hackers discovered an archive of rider and driver 
> information. Later, they emailed Uber asking for money, according to 
> the company.
> ---
> Jake Kiser
Received on Wednesday, 22 November 2017 00:49:28 UTC
