Uber has been hacked. What now?

Transport platform says internal systems were compromised. But what should you do in the event of a breach?

Last week, transport platform Uber became the latest business to fall victim to a cyberattack that compromised its internal systems and publicly embarrassed the company.

Announcing the breach to employees in a Slack message, the hacker said he had broken into the company’s systems because it had weak security. He also said Uber drivers should be paid more.

Uber is blaming a hacker affiliated with the Lapsus$ group for the incident.

It isn’t the first time the company has been hit. Back in 2016, hackers stole information relating to 57 million driver and passenger accounts. In return for deleting the data, hackers demanded $100,000. Uber arranged the payment, but it wasn’t until a year later that news of the breach filtered out. The legal repercussions of that are ongoing.

READ MORE

Uber said the latest attack hadn’t exposed any of its customer data, affecting only internal systems. That means users of the transport platform shouldn’t be at risk as a result. It’s only a matter of time, however, before the next service is hit, or a data breach occurs that exposes your personal details online.

So what should you do if a company you have trusted your private information with has been hacked?

Change your password

The first stop is to make sure no unauthorised users can gain access to your account. Change your password for the compromised service immediately, and if you have reused that combination – a cybersecurity no-no, but a common practice – make sure that you change those log-in details too. That way you can keep unwanted users out of your private accounts.

Strengthen your passwords

Now would be a good time to start using stronger passwords too. A password manager such as 1Password or NordPass would help create stronger passwords. Just make sure that the master password you use to access that service is hard to guess and not in use by any of your other accounts. Otherwise you leave yourself open to another data breach in the future.

Monitor your accounts

If there is even a small chance that your personal information has been compromised, it is a good idea to keep a close eye on your bank and credit card accounts for any unusual activity. It’s not uncommon for hackers to test stolen credit card details with a small transaction; you may not notice it at first but once verified, the card can then be used for bigger purchases.

The good news is that it isn’t as easy to use stolen card data as it used to be. Since the introduction of new payments regulations in Europe, banks have implemented an extra layer of security for online payments.

Your bank may require you to log into an app to approve a payment, or send an authentication code to your phone or email that needs to be entered before the payment can be approved. If you are getting random authentication requests, it could be a sign that your accounts have been compromised.

Implement two-factor authentication

It’s not just about your bank accounts; other accounts can be at risk from malicious users. Your social media accounts, email, online shopping account and others could be taken over if your confidential information is compromised.

Where available, add two-factor authentication to your account, which requires you to either approve log-ins or enter a code before you can gain access to an account, even if you have the correct password.

Prevention after all is better than cure, and if you can keep malicious users out of your account it will save you a lot of trouble in the long run.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist