Here is What Happened
On Friday, February 27, 2015, Uber disclosed that one of its databases had been accessed without authorization. In a statement released by Katherine Tassi, Uber’s Managing Counsel of Data Privacy, “Our investigation determined the unauthorized access impacted approximately 50,000 drivers across multiple states, which is a small percentage of current and former Uber driver partners.” The data lost included driver names and license numbers.
So how did this happen? The reality is that Uber left the keys to this specific database in a public location: GitHub. The intruders simply used the keys from this public GitHub page to access the sensitive data on Uber’s system. Unfortunately, all of this could have been avoided with the use of CipherDB.
Here is How CipherDB Could Have Prevented This
If Uber had used CipherDB to encrypt their sensitive data, then even with the database keys left in a public location, an intruder would have recovered data that was still encrypted with our military grade encryption. This is because CipherDB creates multiple layers of security. Our data encryption and key management solution is integrated at the application layer. This means that if any intruder were to directly access the database (as in this Uber instance), they would simply have retrieved AES 256-bit encrypted data.
In addition, Crypteron secures the encryption keys within our very secure key manager using elliptic curve cryptography at 521 bits, which is stronger than RSA – even if RSA were at 15,000 bits! This means that a developer does not have to worry about securing where the keys go; we handle that! The keys and the data are safely separated.
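The application-layer approach described in the two paragraphs above, as an added example that is not Crypteron's code or the CipherDB API: fields are encrypted with AES-256-GCM before they reach the database, and the key is held in a separate key manager. The names keyManager, driversTable, saveDriver, loadDriver and dumpWithDbCredentialsOnly are hypothetical, both stores are in-memory stand-ins, and the driver record is constructed sample data.

```javascript
// Added illustration of application-layer field encryption (not CipherDB's API).
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");

// Hypothetical stand-in for a separate key manager: the AES-256 data key
// is never stored beside the data or committed to source control.
const keyManager = { dataKey: randomBytes(32) };

// Hypothetical stand-in for the database table an intruder could read.
const driversTable = new Map();

// Encrypt one field. The row id and column name go into the AAD, so a
// ciphertext copied into another row or column fails authentication.
function encryptField(key, rowId, column, plaintext) {
  const iv = randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(`${rowId}:${column}`));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Decrypt one field; throws if the key, row, column or ciphertext is wrong.
function decryptField(key, rowId, column, stored) {
  const raw = Buffer.from(stored, "base64");
  const iv = raw.subarray(0, 12), tag = raw.subarray(12, 28), ct = raw.subarray(28);
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(`${rowId}:${column}`));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Write path: the database only ever receives ciphertext.
function saveDriver(id, name, license) {
  const k = keyManager.dataKey;
  driversTable.set(id, {
    name: encryptField(k, id, "name", name),
    license: encryptField(k, id, "license", license),
  });
}

// Read path: needs the key manager as well as the database.
function loadDriver(id) {
  const k = keyManager.dataKey, row = driversTable.get(id);
  return { name: decryptField(k, id, "name", row.name),
           license: decryptField(k, id, "license", row.license) };
}

// What someone holding only leaked database credentials can dump.
function dumpWithDbCredentialsOnly() {
  return JSON.stringify([...driversTable.entries()]);
}

saveDriver(1, "Alex Example", "D1234567"); // constructed sample record
```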
The Take Away
Many developers, even in large companies with a lot of capital, are still not security experts and do not know the proper techniques or have the capability to properly secure sensitive data. Leveraging easy-to-use technologies like CipherDB, which are FIPS 140-2 compliant and can be used to secure “Top Secret” government files, can help companies like Uber to secure their data in hours.