Detailed Report: Uber's 2016 Data Breach and Security Measures

Verified

Added on 2019/09/30

AI Summary

This report analyzes the 2016 Uber data breach, a significant cybersecurity incident where 57 million customer records and 600,000 driver's licenses were compromised. The breach, caused by eavesdropping and unauthorized access to Uber's cloud server by two employees, highlights the vulnerabilities of cloud storage. The report details the history and origin of the hack, the methods employed, and the stakeholders affected, including customers and drivers. It compares the incident to modern security risks associated with cloud computing, such as theft of intellectual property and loss of customer trust. Uber's response included paying the hackers to delete the data, strengthening security, firing the employees involved, and offering credit monitoring to affected drivers. The report concludes by emphasizing the importance of robust security measures to prevent future breaches. References to relevant academic sources are included to support the analysis.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: FAMOUS SECURITY BREACH
Famous Security Breach
Name of the Student
Name of the University
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
FAMOUS SECURITY BREACH
Executive summary
The aim of the paper is to identify a security breach that happens recently and the ways the issue
was managed. Uber is one of the known company that faced a data breach in 2016 in which two
of the employees of the company downloaded data of 57 million customers in the world and
license of 600,000 drivers. The hacking that took place showed the risk associated with cloud
storage system that allowed access of unauthorized individuals. However, the issue was solved
and the company took all possible step to destroy the data from the person that stole it and also
tightened its security system.

2
FAMOUS SECURITY BREACH
Table of Contents
Introduction......................................................................................................................................3
Discussion........................................................................................................................................3
History and origin of the Hack....................................................................................................3
Methods they chose for Hacking.................................................................................................4
Stakeholders Affected by the Hack.............................................................................................4
Comparison with Modern Security Risk.....................................................................................5
Steps were taken to fix the Issue..................................................................................................5
Conclusion.......................................................................................................................................6
References........................................................................................................................................7

3
FAMOUS SECURITY BREACH
Introduction
Cybersecurity issue is on a rise with more and more organization moving towards the
online platform. There are various types of issue that rise from a cyber-environment such as
hacking, scanning, and others. A security hacker is a person that breach the computer security
system or network by decoding the IP address or some other ways. Data breach activity is seen to
skyrocket in the first 11 months of 2017 with the number of breach cases coming up in the
various business security system.
The essay will study the security breach that took place in Uber in 2016 by analyzing the types
of breach and the origin. Further, the paper discusses the people affected by it and the ways they
resolve the issue.
Discussion
History and origin of the Hack
The security breach that took place in Uber security breach activity was hacking of the data
from the database of the organization. The origin of hacking is seen to be in the 1960s at MIT
that introduced the term hacker in which extremely skilled individuals use hardcore
programming in FORTAN or any other programming language. At that time hacking was
considered as a positive level by the people that helps the programmers to push the computer
systems beyond the limits (Jordan, 2017). However, as time progressed hackers found the way to
exploit their knowledge and dig holes in the operating systems. They started entering the security
regions of the computer system. This made hacking a security breach activity in the modern
world due to the changing activities of the hackers. The hacking that took place in Uber was
eavesdropping hacking method in which the hacker just entered the network of the company and

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
FAMOUS SECURITY BREACH
collected information (Zou & Wang, 2016). Hacking in Uber was done by two of the company’s
employees that hacked company’s information by exploiting the database.
Methods they chose for Hacking
The method the two employees of the company choose to hack the information of the
customers of the company was eavesdropping in which both the employees entered the third
party cloud server of Uber and collected information about the customers. They hacked
information like names of the customers, email addresses and mobile numbers of about 57
million users in the world and license number of 600,000 drivers (ABC News, 2018).
Eavesdropping is a method in which the attackers just monitor the networks of the company to
gain secured information. It is a type of passive attack in which the attacks are active in nature.
This process involves not to harm the system, however, it is only done with the aim to get some
information about the company from its database (Zou & Wang, 2016). These types of hacking
involve various methods of communication such as web browsing and others.
Stakeholders Affected by the Hack
The hacking that took place in Uber impacted both the internal and external stakeholders of
the business. The internal stakeholders that were affected by the hacking incident were the
employees of the organization as they all came under the suspicion by the company. Further, the
most affected external stakeholders of the business was the customers because the data that was
stolen consisted of personal information of 57 million customers of all over the world (ABC
News, 2018). The drivers associated with the company was also affected by the hack as license
and names of about 600,000 US drivers was also downloaded by the hackers (ABC News, 2018).

5
FAMOUS SECURITY BREACH
Comparison with Modern Security Risk
The security breach that took place in Uber can be compared with the risk associated with a
modern security system. The modern security system that was hacked was a cloud server system
that is being used by the companies for storing their data. The hacking showed the security risk
associated with cloud servers such as theft of intellectual property and loss of control over end-
user actions, loss of customer trust and others. All these risks were seen with the cloud server of
Uber as well (Almorsy, Grundy & Müller, 2016). This is because the cloud server failed to
restrict the user to enter the data and breach the security. Further, the company also lost the trust
of the customers due to the breaching of the cloud service.
Steps were taken to fix the Issue
Uber took adequate steps to ensure that the issue is fixed and so much a security issue occurs
in future. The first step that they took comprised of paying $132,000 to the people that hacked
the data so that they delete all possible data that they stole. They also took a step to shut down
the unauthorized access of any individuals to enter the secured data of the company. The issue
did not take any harmful impact as the company identified the individuals that were involved and
made sure that they destroy the data (ABC News, 2018). The security access was also
strengthened on the cloud-based storage accounts. Further, the employees involved were all fired
from work and are no longer working with Uber. The company ensured the riders that the riders
do not take any action as they have secured the data. In relation to the drivers, they notified them
that their license has been downloaded and stolen. To solve this they offered them with free
credit monitoring the theft protection (ABC News, 2018). The general counsel of US National
Security Agency was hired to best guide the company and structure the security team and
processes.

6
FAMOUS SECURITY BREACH
Conclusion
From the above analysis, it can be deduced that hacking is one of the common security
breaches that is taking place in the organizational context. The system of hacking was started as
a positive method and slowly it turned out to be negative in the modern context. Uber was one
such company that faced a security breach in 2016 in which the customer data and license of the
drivers got stolen from the cloud server by two of the employees of the company. This also
showed eth security risk associated with a cloud server in which companies store their data.
However, Uber did took appropriate action and ensured that the data is protected in the future.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
FAMOUS SECURITY BREACH
References
ABC News. (2018). A massive hack exposed 57 million Uber accounts and Uber didn't tell
anyone. Retrieved from http://www.abc.net.au/news/2017-11-22/uber-data-breach-was-
not-disclosed-ceo-says/9179168
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Jordan, T. (2017). A genealogy of hacking. Convergence, 23(5), 528-544.
Zou, Y., & Wang, G. (2016). Intercept behavior analysis of industrial wireless sensor networks
in the presence of eavesdropping attack. IEEE Transactions on Industrial
Informatics, 12(2), 780-787.