
Jan Vikas Mandal's Mehta Degree College

Ajay, Nitesh, Harshit, Sahil, Pankaj
Agenda

Introduction about UBER.

What is a data breach and credential stuffing?

How did the attack happen?

What are the consequences and countermeasures?

How to prevent cyber attacks?
Uber has a global market value of $72 billion.
There are more than 75 million active Uber riders across the world.
Uber is available in more than 80 countries worldwide.
Uber has become a global service providing roughly 15 million rides per day across 500 cities.
Uber has completed more than 5 billion rides.
Over 3 million people drive for Uber.

Uber is a technology platform.


Our smartphone apps connect driver-partners and riders.
Data Breaching

What is a Data Breach?


A data breach is the intentional or unintentional release of secure or private/confidential
information to an untrusted environment.

What type of data can be stolen?


Data breaches may involve financial information such as credit card or bank details,
personal health information (PHI), personally identifiable information (PII), trade secrets of
corporations or intellectual property. Most data breaches involve overexposed and
vulnerable unstructured data: files, documents, and sensitive information.
Data Breaching

[Diagram: Attacker, Organisation, Security Loopholes, Unauthorized Access, Ransom]
Credential stuffing

What is credential stuffing?


Credential stuffing is a cyberattack method in which attackers use lists of compromised
user credentials to break into a system.

(Credential stuffing attacks can involve the use of botnets that use automated scripts to
try to access an account until a legitimate set of credentials permit the hijacking of at
least one account.)

What is the impact of credential stuffing?


Credential stuffing is a serious threat to both consumers and businesses, which both
stand to lose brand reputation and money, either directly or indirectly.
How did the Data Breach happen?

1. Uber was working with a third party for an upgrade.
2. The third party had GitHub access.
3. Those GitHub repositories were used to store Uber source code.
4. The attackers found loopholes in the third party's website.
5. The attackers were able to gain access to Uber's GitHub repository.
6. An Uber developer had stored AWS cloud credentials in the Uber repository in
plain text. (That was a silly mistake.)
7. The attackers got access to the AWS cloud (access to 57 million users' data).
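Step 6 is the point a repository check can catch before the code is pushed. The scanner below is an added example, not part of the original slides; the function names and sample files are constructed for illustration, and the key pair is the placeholder pair from AWS documentation.

```python
import re

# Access key IDs are 20 characters: "AKIA" (long-term) or "ASIA" (temporary)
# followed by 16 upper-case letters or digits.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Secret access keys are 40 base64-style characters; to limit false positives,
# only flag one when it is assigned to a name containing "aws" or "secret".
SECRET = re.compile(
    r"(?i)(?:aws|secret)[\w.-]*\s*[:=]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

# Constructed repository content (hypothetical paths). The key pair is the
# placeholder pair used in AWS documentation, not a live credential.
SAMPLE_REPO = {
    "deploy/backup.py": (
        "import boto3\n"
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"
        "aws_secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'\n"
    ),
    # Reading the secret from the environment is the pattern that should pass.
    "app/settings.py": (
        "import os\n"
        "aws_secret = os.environ['AWS_SECRET_ACCESS_KEY']\n"
    ),
}

def scan(files):
    """Return sorted (path, line_number, kind) findings for a {path: text} map."""
    findings = []
    for path, text in files.items():
        for number, line in enumerate(text.splitlines(), 1):
            if KEY_ID.search(line):
                findings.append((path, number, "aws_access_key_id"))
            if SECRET.search(line):
                findings.append((path, number, "aws_secret_access_key"))
    return sorted(findings)

def commit_allowed(files):
    """Gate for a pre-commit hook or CI job: block the commit on any finding."""
    return not scan(files)

if __name__ == "__main__":
    for path, number, kind in scan(SAMPLE_REPO):
        print(f"{path}:{number}: possible {kind} committed in plain text")
```

Any key that such a scan finds in history should be rotated, since removing it from the latest commit does not remove it from earlier ones.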
UBER Data Breach

[Diagram: Attacker, Third Party Website, Loophole, Git Token, UBER Repository, UBER Developer, Stored Password, Cloud (57 million user data), Ransom ($100,000), UBER]
Credential stuffing

1. Attackers use a credential dump, or credentials purchased via the dark web.
2. Attacker selects a target website (facebook.com, google.com).
3. Attacker user
4. Attacker uses automated tools or automated scripts.
5. Multiple attempts need multiple different IPs. Hence the attacker
uses bots, and it is less time consuming.
6. Attacker bypasses security (common passwords on all websites).
7. Attacker can take over the victim's account and steal assets.
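Because the attempts in step 5 are spread over many addresses, per-IP lockouts miss them; a site-wide view of the login log shows the pattern. The detector below is an added example, not part of the original slides; the log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log: "<epoch-seconds> <source-ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
5 198.51.100.7 alice OK
20 198.51.100.8 bob FAIL
25 198.51.100.8 bob OK
60 203.0.113.10 dave FAIL
61 203.0.113.11 frank FAIL
62 203.0.113.12 grace FAIL
63 203.0.113.13 heidi FAIL
64 203.0.113.10 ivan FAIL
65 203.0.113.11 judy FAIL
66 203.0.113.12 carol OK
67 203.0.113.13 mallory FAIL
68 203.0.113.10 niaj FAIL
70 198.51.100.9 erin OK
""".splitlines()

def parse(line):
    ts, ip, user, result = line.split()
    return int(ts), ip, user, result == "OK"

def detect(lines, window=60, min_users=5, min_fail_ratio=0.75):
    """Flag windows where many distinct accounts fail and most attempts fail."""
    buckets = defaultdict(list)
    for event in map(parse, lines):
        buckets[event[0] // window].append(event)
    alerts = []
    for bucket, events in sorted(buckets.items()):
        failed_users = {user for _, _, user, ok in events if not ok}
        failing_ips = {ip for _, ip, _, ok in events if not ok}
        fail_ratio = sum(1 for *_, ok in events if not ok) / len(events)
        if len(failed_users) < min_users or fail_ratio < min_fail_ratio:
            continue  # e.g. one user mistyping a password is not an alert
        alerts.append({
            "window_start": bucket * window,
            "source_ips": len(failing_ips),
            "accounts_targeted": len(failed_users),
            # Successful logins from an address that was also failing on other
            # accounts: possible takeovers, candidates for a forced reset.
            "review": sorted({u for _, ip, u, ok in events if ok and ip in failing_ips}),
        })
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```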
Credential stuffing

[Diagram: Obtain stolen credentials (Dark web, pastebin) -> Select a target site (facebook, google) and perform reconnaissance on target site -> Tool: proxy traffic (BOT), use automated scripts -> Bypass security -> Takeover account and steal assets]
Data Breach

57 million Uber riders and drivers around the world. This information included names, email addresses and mobile phone numbers.

7 million personal information of drivers was accessed as well, including some 600,000 US drivers' licence numbers.

$100,000 The company paid the hackers behind the intrusion $100,000 to delete the data they grabbed from Uber's cloud servers.
Consequences
Counter Measures

Multi Factor Authentication: Multi factor authentication would prevent a remote attacker from gaining access to targeted systems.
Least Privilege: An administrator would not have rights to access sensitive production databases within AWS.
Cloud Security Monitoring: Cloud services are in need of effective monitoring to detect any unauthorized access to sensitive data.
Threat Assessment: Conducting an assessment to determine areas of risk.
Security Controls: Companies can review their assets and top risks to determine the areas in need of additional security controls.
What should a company do after a data breach?

Consult With Legal Counsel: Most countries have legislation around security breaches and you'll need to follow them after a breach.
Secure Your Data and Systems: To determine the scope of a breach, assemble a team of experts (IR).
Notify Relevant Parties: Notify the right people at the right time about a breach.
Prevent Future Breaches: It's time to audit and address other vulnerabilities.
Why did the Uber Data Breach happen?

Uber attackers were able to gain access to Uber's GitHub.
A developer would not have rights to access sensitive production databases within AWS and access the development environment in GitHub.

SECURITY

Cloud services, especially those hosting sensitive data, are in need of effective monitoring to detect any unauthorized access to sensitive data.
Never store company cloud passwords in a GitHub repository.
User Precautions
A. Don't open a file from an unknown sender
B. Don’t use same password everywhere
C. Enable Multi-Factor Authentication
D. Don’t give your personal info on phone or email
E. Don’t visit fishy websites
F. Change your Passwords monthly
G. Try not to log in to your accounts on public networks
H. Enable Auto Updates.
Destination Reached

THANK YOU
