Uber’s Dirty Little Secret

If you’ve got an Uber account, you really need to read this.

You may have heard that last week Uber fessed up to the fact it had been hacked in October last year — with the names and contact details of 57 million of its user and driver accounts being stolen. But instead of making the breach public, they paid the hackers $100,000 to destroy the copied data.

Trustworthy fellows, those hackers. I’m sure they did what they said … even used the recycling bin, right?

Here’s you: “Uber are clearly morons … but how does this affect me?”

Here’s me: “The Australian is reporting that ‘more than one in ten Aussies may have been affected’.”

So how do you know if you’re the one in ten?

Well, Uber is continuing to dig its hole — they’ve decided not to contact customers whose data has been breached, and instead have said they’re “monitoring the affected accounts and have flagged them for additional fraud protection”.

Poor form!

It’s like if you find out you’ve got an STD. The right thing to do is to ring up your former partner and say, “Look I probably deserve a slap, but you’d better get tested … because I’ve got the clap”. Uber is doing the equivalent of checking in on your ex’s Instagram every now and again to ensure none of their bits are mysteriously falling off.

For the record, if this hack happened next year, Uber would be toast. That’s because laws to be introduced next February will force organisations to contact victims and report data theft to the Australian Privacy Commissioner.

So what can you do if you have an Uber account?

Three things.

First, you should assume that your details have been breached.

Second, you should change all your passwords. If you’re normal, you have one password that you use for everything. Stop doing that, and start looking into encrypted password vaults like LastPass.

Third, you should check your credit file, which you can get for free if you write to the credit agencies.

Actually, for $79.95 you can get your file plus an alert system that pings you if any changes are made to your credit file for 12 months, via MyCreditFile.com.au.

Hang on, can you trust MyCreditFile.com.au?

Err, well, it’s a product of credit reporting agency Equifax (formerly Veda Advantage), which earlier in the year suffered one of the biggest data breaches in history.

Tread Your Own Path!