Ride-share upstart 'Fasten' revealed as Hive of insecurity

Like Uber but for leaking personal data: a million customer records left on unsecured Hadoop

Boston-based ride-hailing hopeful Fasten has coughed to a million-customer data breach that happened because someone left a database lying around unsecured.

The breach was turned up by cloud-crowd Kromtech, whose Bob Diachenko wrote late last week that the company had a misconfigured Apache Hive database exposed on the Internet. Hive is a data warehouse system built on top of Hadoop.

“The server was left open for end-user access and this also let anyone with an internet connection access Fasten’s internal data”, he wrote.

The exposed customer data included names, e-mails, telephone numbers, IMEI codes, trip details (pick-up and drop-off points), and links to photos. Corporate data was also exposed, including a few thousand driver profiles, routes, comments about drivers, car registration, and photos of drivers’ vehicles.

Diachenko notes that the only payment information in the database was the last four digits of credit cards.

The company told Diachenko the database was created on October 11 of this year, but it wasn’t populated until later, and as far as Fasten can tell, it was only accessible for 48 hours. Fasten doesn’t believe anybody other than Kromtech’s people accessed the data before it was deleted.

Fasten’s Jennifer Borgen told Kromtech it was “old production data”, and the company is reviewing its security processes to keep data safer in future.

The company only operates in Boston and Austin, Texas.


Biting the hand that feeds IT © 1998–2017
