Will the taxi driver app providers be upgrading their apps to utilize some form of initial authentication to ensure that only drivers get access to passenger location information?
Warnings to users (perhaps at certain times and locations), initial authentication, background check requirements, reporting and logging pickup location information and details as to which drivers saw which passenger signals, as well as logging all driver locations on an ongoing basis are some initial suggestions.
While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.
Ashkan Soltani, an independent privacy and security researcher, said such a move would give attackers "a toehold" in Twitter's internal network, potentially allowing them either to sniff out user information as it traveled across the company's system or break into specific areas, such as the authentication servers that process users' passwords.