Uber And Large Hawaii Vacation Rental Data Breached

Today there’s a recent warning on data breaches at Uber and a large Hawaii vacation rental company called Red Awning. Multiple sources are reporting the compromised data. For those who don’t know, editor Jeff has worked in technology for years and has a keen interest in the topic. Everyone should take note and read our tips to help keep their personal information as safe as possible. First, here’s what’s reported to have happened.

The Red Awning vacation rental database leaked online.

You should care about this because well-regarded Red Awning has nearly 20,000 vacation rental listings globally, with nearly 1,000 in Hawaii. Its database has reportedly been hacked, and its contents subsequently leaked online. Their website by-line states: “Travel boldly, we’ve got you covered.” We’ll see now if that’s true.

A hacking-related forum post showed the database, which remains accessible publicly, including details of perhaps 45,000 registered Red Awning users contained in 170,000 records. The issue was reported by Safety Detectives, which says it is “a publishing group of cybersecurity experts, privacy researchers, and technical product reviewers located all over the world.”

The breach is said to have at least initially occurred pre-Covid, but the exact date isn’t entirely clear. Also, it isn’t known whether the vulnerability continues to exist. The issue surfaced on the hacking forum in November.

The compromised data includes names, emails, passwords, locations and addresses, reservations, and phone numbers. There is no mention of any credit card compromise. It also isn’t clear whose data is represented.

Safety Detectives said, “The exposed data would have been enough for skilled cybercriminals to commit many of the most common forms of fraud or online attacks against allegedly compromised RedAwning users, including Identity theft, phishing campaigns, doxing and harassment.” If that wasn’t bad enough, read on for another database hack.

Uber: victim of a data leak.

Uber confirmed that it was the victim of a breach when criminals could access its information via a third-party vendor. This began coming to light last week when data stolen from Uber and Uber Eats began appearing online on the dark web.

BleepingComputer reports that in one of the compromised databases, there was data of more than 77k employees of Uber.

Uber said, “We believe these files are related to an incident at a third-party vendor and are unrelated to our security incident in September. Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter.”

The data leak appears to be associated with an Amazon Web Services (AWS) backup server owned by Uber partner Teqtivity. Hackers did not access Uber’s internal systems. “We have not seen any malicious access to Uber internal systems.” Teqtivity “does not collect or store, and therefore the data does not include, sensitive personal information like bank account details or government identification numbers (like SSNs, tax numbers), nor do they collect or store consumer, driver or courier information.” More information about what was compromised is needed.

What can you do to help prevent online fraud, phishing, and identity theft?

1. Enter personal data only on secure websites indicated by the browser security lock icon and URL starting with HTTPS.
2. Create unique and secure passwords that aren’t used on multiple websites.
3. Avoid suspicious links and responding to unknown emails.
4. Be cautious about entering credit card credentials on websites you don’t trust.
5. Manage bank and credit card statements regularly.
6. Consider a credit lock to guard your credit and personal data.
7. Monitor credit reports.
8. Enable two-factor authentication where possible. Don’t click on suspicious links.
9. Avoid using public Wi-Fi.
10. Be careful at ATMs.