Stolen identities are without doubt the biggest challenge facing the cyber security industry and as we now know from this Uber attack, the cost to both businesses and professionals is escalating. What does this do for Uber's reputation and how will it impact the head of security who lost his job as a result of the breach? The consequences of stolen identities are getting very personal and is it time for the cyber security industry to accept that this is a sign of the times and that a different approach is required?
Bloomberg reports on what seems to be a security scandal at Uber. The ride-sharing firm concealed the theft of personal information related to 57 million customers and drivers, and rather than inform the concerned parties "paid hackers $100,000 to delete the data and keep the breach quiet." The hack which Uber says is said to have happened in October 2016, and included the names, email addresses and phone numbers of 50 million Uber customers across the globe. Bloomberg has the skinny on how the hack occurred, and it doesn't portray Uber in a good light, being the latest example of careless developers leaving internal login passwords lying around online:
