A recent data breach at Uber shows how popular code-sharing sites such as GitHub and SourceForge can sometimes be a rich source of information for those looking to break into enterprise networks.

Illegal Access

On Feb. 27, Uber disclosed that someone had illegally accessed an internal database containing names and driver’s license information belonging to 50,000 drivers. The company said the intrusion happened in May 2014 but was only discovered in September.

Uber did not say how it discovered the intrusion, nor did it offer any explanation for the delay in notifying those affected by the breach, even though state laws require organizations to notify victims as soon as a breach is discovered.

In a prepared statement announcing the data breach, Uber said it changed access protocols for the data as soon as the issue was discovered. The company added that it has not yet received any reports of the compromised data being misused.

John Doe Lawsuit

Uber filed a John Doe lawsuit in the U.S. District Court for the Northern District of California against those responsible for the data theft. The lawsuit seeks a court order barring the unnamed defendants from accessing Uber’s files again or transmitting them anywhere. In court papers filed in connection with the case, Uber described the database from which the data was stolen as closely guarded.

“Accessing them from Uber’s protected computers requires a unique security key that is not intended to be available to anyone other than certain Uber employees,” the company said in the lawsuit. “No one outside of Uber is authorized to access the files.”

However, on May 12, 2014, someone with an IP address that did not belong to Uber or any of its employees used the unique security key to access the database and download its contents, according to court documents.

Security Key Stored on GitHub

Whoever accessed Uber’s database appears to have obtained the security key from a public page on GitHub. A subpoena has been served to GitHub to try to force it to disclose the IP addresses or subscriber IDs of all individuals who may have viewed, accessed or modified content on the GitHub Web page on which the security key was stored.

Uber wants GitHub to provide it with all records or metadata pertaining to the browsers and devices that were used to view or access the page. The data being sought includes logged HTTP headers, cookies and device ID information.

Services like GitHub and SourceForge are popular because they give software developers a place to collaborate on projects, make and store changes and maintain a complete revision history of all modifications made to code over the life of a project.

Potential Downsides

One of the downsides for companies is that developers who use these services are not always careful about what they upload and store online. It is not unusual to find files containing private security keys, login credentials, security tokens, configurations and other data stored online along with the source code. Attackers with access to such information can leverage it to gain access to enterprise systems and data. Often, all it takes to unearth sensitive information is a simple search on GitHub.

Since Uber has not disclosed any details on the breach, it is unclear which data exactly was stored online on the GitHub page, which is the subject of the Uber subpoena. However, court documents suggest the individual who accessed the ride share company’s database used a security key stored on the website.

More from

Will the 2.5M Records Breach Impact Student Loan Relief?

Over 2.5 million student loan accounts were breached in the summer of 2022, according to a recent Maine Attorney General data breach notification. The target of the breach was Nelnet Servicing, a servicing system and web portal provider for the Oklahoma Student Loan Authority (OSLA) and EdFinancial. An investigation determined that intruders accessed student loan account registration information between June and July 2022. The stolen data includes names, addresses, emails, phone numbers and social security numbers for 2,501,324 student loan…

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or set of systems for which they intend to create an application. This targeted system would be the mall. Then, when building the application, they would…

Inside the Second White House Ransomware Summit

Ransomware is a growing, international threat. It's also an insidious one. The state of the art in ransomware is simple but effective. Well-organized criminal gangs hiding in safe-haven countries breach an organization, find, steal and encrypt important files. Then they present victims with the double incentive that, should they refuse to pay, their encrypted files will be both deleted and made public. In addition to hundreds of major attacks around the world, two critical ransomware incidents — the Colonial Pipeline…

Did Brazil DSL Modem Attacks Change Device Security?

From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers. According to a report from Kaspersky Lab Expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack ultimately…