Check Out These Three Main Tips To Not Become Victims Like Uber Hacking

Uber experienced a hack. (photo: doc. unsplash)

JAKARTA - Last weekend the Uber ride-sharing service experienced a hacking incident, in which hackers managed to gain access to Uber source codes, emails and other systems such as Slack.

Even so, the company admitted that no customer data was compromised, but still customers still had to be vigilant.

Uber has previously experienced the same thing. Unfortunately, the case of data breach in 2016 which affected 57 million passengers and the driver was successfully closed tightly by Uber.

The hack this time is said to use social engineering techniques and utilize two-factor authentication (2FA).

One Uber employee said he accepted a 2FA authentication request, and accepted it. Because, the hacker disguised himself as an IT Uber employee and contacted him via WhatsApp.

Therefore, it is necessary to change the credentials of Uber accounts and not use the same password elsewhere. However, there are three main tips to protect your personal data from becoming a victim of social engineering such as Uber employees.

1. Be careful in Receiving 2FA Authentication Requests

When you have an online account, you definitely need a password as the main form of security, while the second is the 2FA authentication feature.

Authentication 2FA will send a request to your phone or an app on your phone to confirm that you're trying to log in to your account, but that request will only appear when you successfully enter a password.

Here, only this feature has a system permit to access your account and all the activities you have done. This means that no one else is related to this feature, even IT employees in your company. This means that you need to be careful and thorough in receiving 2FA authentication requests.

Jika Anda tidak sedang masuk ke akun, maka Anda adalah calon korban dari hacker yang sedang melakukan aksinya.

2. Don't Trust easily

Access to an account should only be available to two entities, you and the company running the website. service or app. But as already explained, the company doesn't need you to access your account.

Therefore, ignore anyone who asks for a password or two of your factors authentication suddenly.

3. Select a Tough 2FA Authentication Forms

Authentication 2FA does not only appear through cellphones, there are many ways you can choose, of course choosing in a way that you believe can prevent fraud from happening.

For example, via email and text messages, this is quite simple and easy to understand, even you often access it from several devices. However, they also rely on unsafe communication. This type of account can also be taken over via social engineering.

There are also devices (for example, smartphones or tablets) and applications that receive push requests are improvements from email or text, and moving 2FA settings to new devices is usually easy. But they are still weak to human mistakes, such as errors swiping or tapping the phone screen, or social engineering.

Then through the application that you have to open manually to see the 2FA code should only be visible to you. However, this security level only applies if the code can only be accessed locally on the device, not when stored and synchronized via cloud storage.

The weakness is that if you don't back up your settings, then to restore access to your 2FA code it can be very troublesome.

Lastly there is a hardware token, it's a completely independent physical item that can generate and display 2FA code for use, or handle 2FA authorization smoothly via a USB port or wireless connection (NFC or Bluetooth). As you can imagine, it's very safe, but it's easy to lose.