In major goof, Uber stored sensitive database key on public GitHub page

Found on Ars Technica on Monday, 02 March 2015

Uber is trying to force GitHub to disclose the IP address of every person that accessed a webpage connected to a database intrusion that exposed sensitive personal data for 50,000 drivers. The court action revealed that a security key unlocking the database was stored on a publicly accessible place, the online equivalent of stashing a house key under a doormat.

The wording of Uber's complaint, saying a security key protecting the Uber database was stored on a publicly assessable GitHub page, is a step backwards for Uber as it attempts to reassure the public that the significant amount of information it holds is safe from prying eyes.

Someone might try to file a suit against Uber for neglecting basic security priciples. Github is okay for code that can be public, but any sensitive data should never come close to it.

Browse all articles« Previous « » Next »