CipherDB could have Stopped Uber’s Data Breach

Here is What Happened

On Friday February 27, 2015 Uber disclosed that one of its databases had unauthorized access. In a statement released by Katherine Tassi, Uber’s Managing Counsel of Data Privacy, “Our investigation determined the unauthorized access impacted approximately 50,000 drivers across multiple states, which is a small percentage of current and former Uber driver partners.” The data lost included driver names and license numbers.

So how did this happen? The reality is that Uber left the keys to this specific database in a public location, GitHub. The intruders simply used the keys from this public GitHub page to access the sensitive data on Uber’s system. Unfortunately all of this could have been avoided with the use of CipherDB.

 

Here is how CipherDB could have prevented this

If Uber had used CipherDB to encrypt their sensitive data (even if the database keys were left in a public location) an intruder would of recovered data that was still encrypted with our military grade encryption. This is because CipherDB creates multiple layers of security. Our data encryption and key management solution is integrated at the application layer. This means that if any intruder were to directly access the database (like in this Uber instance), they would simply retrieved AES-256bit encrypted data.

In addition, Crypteron secures the encryption keys within our very secure key manager using elliptic curve cryptography at 521 bits, which is stronger than RSA – even if RSA were at 15,000 bits! This means that a developer does not have to worry about securing where the keys go, we handle that! The keys and the data are safely separated.

 

The Take Away

Many developers, even in large companies with a lot of capital, are still not security experts and do not know the proper techniques and have the capability to properly secure sensitive data. Leveraging easy to use technologies like CipherDB, that are FIPS-140-2 compliant and can be used to secure “Top Secret” government files, can help companies like Uber to secure their data in hours.

Please try CipherDB to for FREE on the Azure Marketplace or directly from our website.

 

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Recent blog posts

Migrating existing live data into Crypteron

You’re already live in production. And you have sensitive in the clear. Read this article to see how Crypteron can help.

Encryption, Entity Framework and Projections

Projections in Entity Framework live outside the entity lifecycle. Read more to learn how your can use Crypteron to secure such data.

PCI DSS and key rotations simplified

PCI compliance requires data encryption keys to be changed frequently. Here is how you can do it easily.

Your data-center is not secure and what you can do about it

There is no secure perimeter anymore. Neither in your corporate network nor in your data center. Fight a winning battle armed with self-protecting data rather than a losing one trying to protecting the infrastructure.

Introducing the Crypteron Startup Innovators Program

Qualifying startups get up to 50% off all plans. Tell us how you’re changing the world and the our Startup Innovators Program will support your journey.

6 encryption mistakes that lead to data breaches

If encryption is so unbreakable, why do businesses and governments keep getting hacked? Six common encryption mistakes that lead to data breaches.

Announcing the new Crypteron Community Edition

Starting today you can now sign up for the Crypteron Community Edition for free with no performance limitations.

Data breach response – One click to save your business

Get breathing room – when you need it the most. Respond to a data breach with a single click.

Why We Need Proper Data-At-Rest Encryption: 191M U.S. Voters’ Data Exposed

Adding security at the application level is a large step forward in protecting data from the constant threat of data breaches

How to encrypt large files

CipherStor is blazingly fast! Here we show how to use it within your data-flow pipeline to maintain high performance when encrypting large files.

CipherDB could have Stopped Uber’s Data Breach

by Yaron Guez time to read: 1 min
0