• Lindsay Shachnow (COM’25)

    Lindsay Shachnow (COM’25)

    Lindsay Shachnow (COM’25) Profile

Comments & Discussion

Boston University moderates comments to facilitate an informed, substantive, civil conversation. Abusive, profane, self-promotional, misleading, incoherent or off-topic comments will be rejected. Moderators are staffed during regular business hours (EST) and can only accept comments written in English. Statistics or facts must include a citation or a link to the citation.

There are 4 comments on Uber Users: What You Need to Know about Last Month’s Data Breach

  1. Excellent interview with Dr. Choi. Very important points to consider regarding doing what we can to take responsibility to be more cyber-safe.

  2. Dr. Choi states, “Hackers downloaded the financial information from Slack. The financial information could be anything. It could be invoices or employment information.”

    I have never seen invoices or financial information stored in Slack. Can someone elaborate?

  3. Other patterns to look for:

    Get an email from or about old bank accounts or companies you’ve had dealings with.
    This could be an indicator of a compromise. One should think “Did I initiate this?” If you didn’t be suspect of that information.

    As a active defender in cybersecurity, I can say we the fronts are being fought with very complex hacking methods and defenses. One that often get skipped is the human element.

    We can secure information in a variety of ways, and almost all of them can be undone with the human factor. People may very well still be our best line of defense against cyber threats.

    Protection against the threat actors is not just the responsibility of cybersecurity professionals, we work with you, to help protect you. The better informed our human firewalls are the more armed they to stop these threats, even the lazy ones.

    “I have never seen invoices or financial information stored in Slack. Can someone elaborate?”

    I’m going to assume a lot here:
    Slack does have inherent security protocols, that companies often deem “internal”. So with an internal slack channel companies and employees feel these pathways are safe to divulge sensitive information. This is understandable for the following:
    Teams are separated with remote work and pandemics
    Teams maybe separated by buildings or someone is out of the office

    All viable reasons, but while the measure are there to protect the information systems, it doesn’t take into account “what if someone else sees it” from over the shoulder to screen capture.

    So good security best practice is even in slack (secure channels) the assumption should be ” is this information valuable to someone other than the intended recipient?” If your answer is YES?

    ENCRYPT or DO NOT POST IT in slack. Logs exists for many reasons, but historical data that is not redacted, backed up, or secured is always a risk.

    Back to the human element. Its easier for the team to work remotely if we can post invoices in slack for quick viewing. That same ease of workflow, also provides ease of access to information that should be guarded,

    Even if the intent is to improve, the risk of that improvement should be mitigated.

  4. I am an uber driver and I feel as if my phone has been hacked ever since the end of August 2022. My phone company, us cellular can’t seem to figure out what is going on with my service not working. Even a new phone didn’t fix the problem.

Post a comment.

Your email address will not be published. Required fields are marked *