Have You Been Hacked? How Do You Know?

The following news story highlights stolen Uber accounts that are selling for $1 on the dark net (the criminal bazaar on the Internet where criminals buy and sell their wares):

http://www.nydailynews.com/news/national/stolen-uber-accounts-sale-1-dark-net-article-1.2167072

[Image: Uber taxi. Image from Nypost.]

{A user on AlphaBay is selling log in credentials for $1 and a user on ThinkingForward, another dark web marketplace, is selling them for $5. Once bought, these logins can be used by anyone to order free cab rides under somebody else’s name.

The hacker on AlphaBay told Motherboard that the login credentials simply came from “hacked accounts” and that he had “thousands” of them.}

So of course, not knowing who actually got hacked (which specific email addresses), the reporter calls Uber's offices, and they give what is a sort of standard response:

There is no proof of a hack in our network, and we have no problem at this time. Specifically, they said: “We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report”. They go on to say that users should use good passwords. But it may not be the user passwords that were hacked. Instead, as in this story:

http://www.nydailynews.com/news/national/uber-data-breach-exposed-50-000-drivers-u-s-article-1.2132535

It looks like Uber was hacked before, so it is not outside the realm of possibility that Uber’s cyberdefenses are not as good as advertised. If Uber’s servers or network can be compromised, then it is possible that hackers have stolen Uber accounts. And now, with the stolen accounts, the hackers are trying to sell their ill-gotten gains a little at a time. The buyers will figure out how to make money from their purchases as well.

This information does not actually answer my questions:

Have you been hacked?

How do you know?

 

If you don’t have an IPS/IDS system (IPS = Intrusion Prevention System, IDS = Intrusion Detection System), then you don’t know anything.

An IDS keeps logs of your network traffic, taking snapshots of the traffic you have set it to capture for review (an IPS adds the option to remove network traffic).

The only other issue is that somebody has to check these logs for a successful attack, and then decide what to do about it.

This is the new world we live in: everyone needs an IPS/IDS, and then needs to check its logs and incident reports.
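One way to do that log review, as an added example that is not from the original post: it assumes the IDS writes Suricata-style EVE JSON alerts (the post names no product), and the sample lines, addresses and signature names are constructed. It flags internal hosts that were the target of an alert and later show up as the source of one, which is the pattern that separates an attempt from a likely success.

```python
import json
from collections import defaultdict

# Constructed sample: Suricata-style EVE JSON records, one per line.
# Addresses are documentation/private ranges; signature names are made up.
SAMPLE_EVE = """\
{"timestamp":"2015-03-30T10:00:01+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"10.0.0.5","alert":{"signature":"EXAMPLE web login brute force","severity":2}}
{"timestamp":"2015-03-30T10:00:09+0000","event_type":"flow","src_ip":"10.0.0.8","dest_ip":"10.0.0.1"}
{"timestamp":"2015-03-30T10:04:30+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"10.0.0.5","alert":{"signature":"EXAMPLE SQL injection attempt","severity":1}}
{"timestamp":"2015-03-30T10:09:12+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"198.51.100.20","alert":{"signature":"EXAMPLE outbound connection to known bad host","severity":1}}
{"timestamp":"2015-03-30T10:15:00+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"10.0.0.6","alert":{"signature":"EXAMPLE port scan","severity":3}}
not-json garbage line
"""

def triage(eve_text, internal_prefix="10."):
    """Return (per-host alert summary, hosts attacked earlier that later alert as source)."""
    targeted = set()                  # internal hosts seen as the target of an alert
    summary = defaultdict(lambda: {"alerts": 0, "worst": 4})
    suspects = []
    for line in eve_text.splitlines():  # log is assumed to be in time order
        try:
            ev = json.loads(line)
        except ValueError:
            continue                  # skip truncated or corrupt log lines
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue                  # flow, dns, etc. are not alerts
        src, dst = ev["src_ip"], ev["dest_ip"]
        sev = ev["alert"]["severity"]  # Suricata: 1 is the most severe
        host = dst if dst.startswith(internal_prefix) else src
        summary[host]["alerts"] += 1
        summary[host]["worst"] = min(summary[host]["worst"], sev)
        # An internal host that was attacked earlier and now triggers an
        # alert as the *source* is what the reviewer should look at first.
        if src.startswith(internal_prefix) and src in targeted and src not in suspects:
            suspects.append(src)
        if dst.startswith(internal_prefix):
            targeted.add(dst)
    return dict(summary), suspects

if __name__ == "__main__":
    per_host, suspects = triage(SAMPLE_EVE)
    for host, info in sorted(per_host.items(), key=lambda kv: kv[1]["worst"]):
        print(host, info, "<-- REVIEW FIRST" if host in suspects else "")
```

The internal address prefix is an assumption; set `internal_prefix` to match your own network.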

 

[Image: PoliWall in network (Bandura)]

PoliWall is yet another method, where a filter can be set ahead of the IPS/IDS. http://oversitesentry.com/detecting-cyberbreach-is-the-challenge/

 
