Would UEBA Have Prevented the Massive Uber Data Breach?

December 14, 2017 by Rodolfo Melgoza

Over a year after it occurred, Uber recently acknowledged that hackers stole personal data, including names, email addresses, driver’s license numbers, and phone numbers belonging to 57 million customers and drivers. Would UEBA (User and Entity Behavior Analytics) have prevented this massive data breach?

Reportedly, the attackers used stolen passwords to access Uber’s system and download the data. In addition to questioning why Uber deliberately broke the law by not reporting the incident, we are left wondering why Uber didn’t detect that outsiders were using stolen IDs and passwords.

Uber disclosed that the hackers stole passwords belonging to Uber engineers from a private GitHub coding site. The attackers then used those credentials to access sensitive company data stored on Amazon Web Services. After the theft, the cybercriminals contacted Uber and demanded a ransom. Uber agreed to pay the hackers $100,000 in exchange for an agreement to delete the data. Later, Uber tracked down the hackers' real names and demanded that they sign documents assuring that the stolen data was destroyed.

To their credit, following the breach Uber reportedly installed two-step authentication for at least one of the services that was hacked. But the question remains as to why Uber didn’t detect the initial fraudulent access. If UEBA had been in place, it likely could have detected the hackers' initial access. A good UEBA solution will easily detect when a logon occurs from a strange location, as was probably the case in this situation. Additionally, assuming that, like most attacks, the intruders spent a fair amount of time in the system before they were able to locate the sensitive data, a competent UEBA system would have had numerous opportunities to detect the attackers' activities.
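One way to implement the "logon from a strange location" check described above, as an added example that is not from the original post or from any vendor's product. The event fields, user names, reason labels and the `MIN_HISTORY` threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logon events: (user, ISO timestamp, source country, source ASN).
# ASNs come from the range reserved for documentation (AS64496-AS64511).
EVENTS = [
    ("alice", "2017-01-02T09:01:00", "US", "AS64500"),
    ("alice", "2017-01-03T09:04:00", "US", "AS64500"),
    ("bob",   "2017-01-03T10:15:00", "DE", "AS64502"),
    ("alice", "2017-01-04T08:57:00", "US", "AS64500"),
    ("bob",   "2017-01-04T10:20:00", "DE", "AS64502"),
    ("alice", "2017-01-05T09:10:00", "US", "AS64501"),  # known country, new network
    ("bob",   "2017-01-05T11:00:00", "FR", "AS64503"),  # too little history to judge
    ("alice", "2017-01-06T03:12:00", "NL", "AS64510"),  # never-seen country
    ("alice", "2017-01-06T03:40:00", "NL", "AS64510"),  # repeat from same new place
]

MIN_HISTORY = 3  # assumed: baseline logons required before a user is scored


def score_logons(events, min_history=MIN_HISTORY):
    """Return (user, timestamp, reason) alerts for logons outside a user's baseline."""
    countries = defaultdict(set)   # user -> countries seen in baseline
    networks = defaultdict(set)    # user -> (country, asn) pairs seen in baseline
    learned = defaultdict(int)     # user -> number of logons in the baseline
    alerts = []
    for user, ts, country, asn in sorted(
        events, key=lambda e: datetime.fromisoformat(e[1])
    ):
        reason = None
        if learned[user] >= min_history:       # skip scoring during cold start
            if country not in countries[user]:
                reason = "new-country"
            elif (country, asn) not in networks[user]:
                reason = "new-network"
        if reason:
            # Do not learn from alerted events: otherwise a second logon from
            # the same unusual place would already look normal.
            alerts.append((user, ts, reason))
            continue
        countries[user].add(country)
        networks[user].add((country, asn))
        learned[user] += 1
    return alerts


if __name__ == "__main__":
    for alert in score_logons(EVENTS):
        print(alert)
```

The cold-start guard means a user with little history ("bob" here) is not scored at all, so a real deployment needs a learning period before this check has any value.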

UEBA is a relatively new technology, and although its benefits are well understood, it is so new that many organizations have yet to deploy it. So, it’s probable that Uber didn’t have it installed at the time of the breach. That’s a shame for both Uber and the 57 million individuals who had their personal data stolen. While Uber’s $100,000 ransom payment might have caused the hackers to actually delete the data, we know that it doesn’t always work that way, and the stolen data may already be available on the dark web.

Learn how our SMART Kits can help give your organization the intelligence you need to streamline and maximize the effectiveness of your security offering to help customers better protect their resources and business operations. 



Rodolfo Melgoza

Rodolfo Melgoza is the Marketing Manager at Fortscale.

