Uber ignores security breach for half a year.
Uber sues third party while trying to repair damage caused by their own failings.
At this point the identity of the hacker is irrelevant. The data is in the wild, Uber is exposed as incompetent (again). But hey, anyone want to invest another billion at a 40 billion valuation? This company is going places.
The third party being sued is the (as yet unidentified) person who used the key to obtain & leak the data.
No. Even if I leave my door unlocked, someone who comes in and steals my stereo should still be punished.
Your analogy is wrong. It's more like asking someone to protect the key of your locked door. And they make copies and leave them in random places with the address attached.
https://www.eff.org/issues/mandatory-data-retention/us
Neocities currently scrambles stored IP addresses with scrypt, and (soon) after 30 days, we intend to delete those IP hashes. It's legal. Consider doing it.
Here's the code we used to do it: https://github.com/neocities/neocities/commit/4983a9b24eac00...
Actual headline: "FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers"
> Otherwise please use the original title, unless it is misleading or linkbait.
This is the best one-sentence summary of Uber I've ever seen.
BTW. After watching all episodes of John Oliver's "Last Week Tonight" I'm looking for interesting shows. Is that podcast worth listening to? Anything else you'd recommend?
GitHub very clearly states that "secret" gists are NOT private: https://help.github.com/articles/about-gists/
Actually, they're subpoenaing. This is necessary to identify who may have accessed it; I don't think this is a suit over the privacy of gists.
Actually, it's not. If GitHub's TOS (and their legal argument in response to the subpoena) is strong enough, Uber can go fly a kite.
How did you come away with that? They're trying to subpoena GitHub to gather information on who may have been responsible for the hack.
I couldn't find that information in the article or the subpoena.
It was published by github.com/hhlin. The commit has a SHA256 hash of 2a4fae0e6d443b29826096fe043409e2c305bb79.
The publisher works for Bayes Impact, and according to his LinkedIn page, worked for Uber from April 2011 to October 2014.
It seems reasonable though to request some user data for a specific IP address that Uber suspects as being the invader (depending on how strong the evidence is).
While I agree companies like Uber and Sony need to invest more time and energy into security, real people are hurt when these types of things happen. It isn’t the executive-level “fat cats” who are hurt the most. It is normal, everyday people. They did not ask for their personal information to be stolen. Their only crime was working for a company with poor information security.
Furthermore, the fact Uber issued a subpoena for information from GitHub does not make Uber the bad guy for requesting the information and GitHub the good guy for withholding the information. A crime was committed and this is part of the investigation. The information requested by Uber is not unreasonable. They are basically requesting log files for that specific Gist.
Channeling my inner Matthew McConaughey from A Time to Kill, imagine this happening to an organization that is more likeable than Uber or Sony (shouldn’t be that hard). What if this happened to an organization responsible for helping rape victims and this person leaked the private information of rape victims to the Internet? Would people be so willing to support the criminal? Would people be so eager to praise GitHub for not cooperating?
Just because Uber is a horrible, unethical company does not mean it isn’t protected under the law. We shouldn’t condone crime just because we don’t like the victims.
Also super shady they don't bother to explain why it took them almost 5 months after they discovered it to notify anyone.
Even better, use makepaste.sh
Using "secret" gists is just reckless, really.