By Dan Goodin
Ars Techica
March 2, 2015
Uber is trying to force GitHub to disclose the IP address
of every person that accessed a webpage connected to a database intrusion that
exposed sensitive personal data for 50,000 drivers. The court action revealed
that a security key unlocking the database was stored on a publicly accessible
place, the online equivalent of stashing a house key under a doormat.[ but more visible - pe]
Uber officials have yet to say precisely what information
was contained in the two now-unavailable GitHub gists. But in a lawsuit filed
Friday against the unknown John Doe intruders, Uber lawyers said the URLs
contained a security key that allowed unauthorized access to the names and
driver's license numbers of about 50,000 Uber drivers. The ride-sharing service
disclosed the breach on Friday, more than two months after it was discovered.
more...
No comments:
Post a Comment