57-million Uber users hacked

Hackers stole the personal data of 57 million customers and drivers and the ride-hailing company allegedly paid them $100,000 to delete the information and “go away”.

The data was compromised in October 2016, and Uber has managed to conceal the breach for more than a year, according to Bloomberg.

Uber claims they were involved in negotiations with US regulators about separate privacy violations at the time of the breach.

But the company now admits they were legally required to report the hack to regulators and to drivers whose license numbers were taken.

However, Uber reportedly paid the hackers $100,000 to delete the data instead.

Joe Sullivan, Uber’s chief security officer, was fired this week for his role in keeping the hack quiet. One of Sullivan’s deputies was also fired for helping.

Ex-CEO and co-founder, Travis Kalanick, reportedly found out about the hack in November 2016, but at the time Uber had just settled a lawsuit with the New York attorney general over the company’s privacy practices.

Dara Khosrowshahi took over as Uber’s new CEO in September.

‘None of this should have happened, and I will not make excuses for it,’ Khosrowshahi said in a press statement on Tuesday. ‘We are changing the way we do business.’

‘At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals.

‘We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts,’ Khosrowshahi said.

The hackers stole names, email addresses, and phone numbers from 50 million Uber riders worldwide, said in the statement.

Personal information from 7 million drivers was also compromised. That figure includes about 600,000 US driver’s license numbers that were stolen.

Uber claims that no one’s Social Security numbers, credit card details, or trip location information was stolen.

The company said they don’t believe the information was ever used. Uber also declined to release the identities of the hackers.

‘While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection,’ Khosrowshahi said.

Dara Khosrowshahi took over as Uber’s new CEO in September. ‘None of this should have happened, and I will not make excuses for it,’ Khosrowshahi (pictured last month) said. ‘We are changing the way we do business’ +5
Dara Khosrowshahi took over as Uber’s new CEO in September. ‘None of this should have happened, and I will not make excuses for it,’ Khosrowshahi (pictured last month) said. ‘We are changing the way we do business’

Uber’s hack joins the ranks of other massive hacks such as Yahoo and Equifax. In September, Equifax reported that the hack compromised the sensitive information of 145.5 million people and the Yahoo hack affected three billion +5
Uber’s hack joins the ranks of other massive hacks such as Yahoo and Equifax. In September, Equifax reported that the hack compromised the sensitive information of 145.5 million people and the Yahoo hack affected three billion

According to Bloomberg, Sullivan, who joined Uber in 2015, was the guy who spearheaded the response to the hack last year.

Last month, an investigation was launched into the activities of Sullivan’s security team. During the investigation, the hack and cover-up were discovered.

Uber said two attackers gained access to private GitHub coding site used by Uber software engineers, according to Bloomberg.

From there, the hackers used login credentials they obtained from GitHub to access data stored on an Amazon Web Services account.

The hackers then found an archive of rider and driver information. Once the information was accessed, the attackers asked Uber for money.

Khosrowshahi said he’s bringing on board Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, for guidance on ‘how best to guide and structure our security teams and processes going forward’.

The company is currently in the process of ‘individually notifying the drivers whose driver’s license numbers were downloaded’. Uber will also provide these drivers with free credit monitoring and identity theft protection.

Uber’s hack joins the ranks of other massive hacks such as Yahoo and Equifax. In September, Equifax reported that the hack compromised the sensitive information of 145.5 million people.

And last month, Yahoo admitted that three billion Yahoo users were affected by the 2013 data theft that the company originally said had only affected 1 billion users.

By Valerie Edwards for Daily Mail

Tags: , , , , ,

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top