Photo by Amelia Holowaty Krales / The Verge
Like many other hacks, Uber’s major security breach started with a text message. Citing details provided by the alleged hacker, The New York Times reported that a fake text message tricked an Uber employee into revealing their password details, triggering a sequence of events that led to a large-scale compromise of the ridesharing company’s IT systems.
Even for a company with Uber’s resources, these kinds of social engineering threats are impossible to completely defend against. It doesn’t matter how good a firm’s password policies are, whether sensitive information is properly stored or encrypted, and even whether multi-factor authentication is used — there’s always a chance that a human employee will be fooled into letting the…