Uber and Imgur hacked: the precautions you need to take
Two massive hacking attacks serve as a reminder of the precarious fate facing private data on the web, as well as the importance of not using the same password for all your accounts.
The facts themselves are not recent, but they have only just been revealed. In 2014, the Imgur picture-sharing site was hacked, with the loss of 1.7 million items of connection data. But the cat was only let out of the bag on November 23rd this year by Troy Hunt, founder of www.haveibeenpwned.com, a site where you can check whether your accounts have ever been the subject of significant data leaks.
No official notification
In parallel to this, on Tuesday 21st November, Uber revealed that it had had the data of 57 million users stolen in October 2016, including 100.000 Belgian users. In this instance, it appears that the hackers gained access to the names, e-mail addresses and telephone numbers of the accounts in question. So why did the company wait for over a year before admitting the leak? In the meantime, Uber is reported to have tried to keep the matter quiet by paying a ransom to the thieves in exchange for the data being destroyed.
Contrary to what is customary in this type of situation, Uber has still not sent an official notification to its users. However, the company does guarantee that the stolen data has not been exploited in any way by malicious parties and has just one piece of advice to offer users: check your account statements.
Recommendations
In fact, keeping an eye on your transaction history is not a bad idea. That way, if you spot the slightest hint of a suspicious payment, you can react quickly by contacting your bank.
But if you hear about a site being hacked and data being lost, your first reaction must be to change your password immediately for that site. And, of course, if you use the same password for other sites, you will need to change it on each of those, too.
In an ideal world you should use a different password for every account you have. If possible, you could also activate a two-step validation process for your accounts, which will give you additional protection.
Finally, don’t forget that if your e-mail address is leaked, this increases the risk of you receiving phishing messages and other types of fraudulent activity. So be doubly vigilant and don’t allow yourself to be distracted by an e-mail asking you for your connection identifiers: no bona fide company will ever ask you for this type of information.