Uber data breach aided by lack of multi-factor authentication

For Uber CISO John Flynn, having to explain the company’s massive 2016 data breach to a Senate hearing was never going to be an easy day out. There are two strands to this incident – the company’s handling of the breach of 57 million customer and driver records once it found out about it, and the technical failings that allowed it to happen in the first place.The first we already know a bit about, principally that the company realized it had been breached in November 2016 when it was sent a $100,000 ransom note. That ransom was paid through the company’s bug bounty programme, allegedly in the hope, nobody would notice.

Read how the massive Uber data breach could have happened due to lack of multi-factor authentication on Sophos Blog.

Track the strategic threats to your business with the Threat Brief, delivered to your email daily.

Subscribe Here