GOT(IT) #10: Uber covers 57 million user data breach, the FCC tackles Net Neutrality

We’ve reached the tenth edition of GOT(IT)! For this special occasion we’ll talk about two huge topics: data breaches and Net Neutrality.

GOT(IT) #10 is here! The tenth IT security recap is certainly a good occasion to check this week’s topics and open some discussions. Net Neutrality has been on the table for a while now, and after quite a few ugly turns, the FCC has taken on one of users’ last chances to guard that neutrality: state laws.

Uber: 57 Million Record Breach was Hidden for a Year

Bloomberg recently reported that two hackers had breached Uber’s security and accessed the personal data of about 57 million users, including drivers. According to the report, the 2016 breach originated in the company’s GitHub, where the attackers got the credentials to access Uber’s AWS (Amazon Web Services) and obtained the records of both riders and drivers.

Red flag: the matter wasn’t disclosed by the company at the time, and Joe Sullivan, Chief Security Officer at the time, has been removed from his post after it became known that $100,000 was paid to the attackers to delete the data.

The lack of disclosure troubles users: drivers with compromised licenses were informed this week, and the possibility of Uber phishing campaigns lingers, given the millions of user emails that could still be in the attackers’ hands.

Dara Khosrowshahi, Uber’s CEO since September, acknowledged the company’s previous mistake and explained “measures were taken for both securing the cloud-storage accounts and shut down any unauthorized access”.

An investigation into the matter has been opened by New York Attorney General Eric Schneiderman. Uber’s tension with the law isn’t news, but their current approach shows evidence of a positive change that could lead to a normalization of the company’s policies: “we are changing the way we do business”, stated Khosrowshahi.


FCC Won’t Allow States to Have Local Net Neutrality Laws

Net Neutrality, this year’s hot topic, might not be strictly security-focused, but as a group of techy fellas we see the chance to elevate the subject and discuss the big picture. On the 14th of December a vote is going to be held on repealing net neutrality.

The state of play? The Federal Communications Commission has already stated its plans to deregulate Internet Service Providers and the legal context that supports net neutrality standards. Ajit Pai, the FCC’s chairman, detailed earlier this year: “the FCC would simply require Internet service providers to be transparent about their practices so that consumers can buy the service plan that’s best for them”.

This Thursday, the matter grew gloomier for internet surfers when broadband providers achieved their second huge win. Ajit Pai’s proposed order provides that state and local laws must be preempted if they contradict the deregulation policies. Once again, an escape route has been shut down.

What could this deregulation mean for users? Internet throttling, paid prioritization, blocking and preferential treatment of websites, plus the manipulation of displayed content according to specific payment rates.

These characteristics don’t suit the internet’s current state as the biggest open channel of telecommunications currently available to the public. For users in the United States, it would mean a change in operations where public access could be replaced by a “pay-to-access” internet, divided and organized as ISPs see fit.

What now? Well, it’s up to consumer protection agencies like the Federal Trade Commission to decide whether certain conduct is to be permitted or not. The vote’s date is close and the outlook is, well… not so bright.


As a happy bunch of techy fellows, we stand for the protection of Net Neutrality! Segmentation and control of access to the open internet is a no-no for us; we stand in favor of the user’s freedom of choice, influenced only by intention, not regulations and third-party leverage.


Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.