Massive breach affected 50 million users of the ride hailing app.
Uber has admitted that it paid hackers $100,000 and then concealed a security breach over stolen data that affected 50 million customers and 7 million drivers. It paid out on the condition that the cybercriminals would delete the stolen data, which included names, email addresses and mobile phone numbers.
Worryingly, the attack didn’t happen in the last few days, weeks or months, but back in October 2016. The company has admitted that failing to notify affected individuals or regulators, until last week, was a mistake. “None of this should have happened, and I will not make excuses for it,” said Uber chief executive Dara Khosrowshahi.
Road to Nowhere
As well as all the personal data mentioned above, the drivers license numbers of 600,000 drivers in the US were stolen as well.
Uber have said however, that more sensitive information, such as credit card numbers, bank account numbers, social security numbers, dates of birth, and location data has not been compromised or stolen.
In the aftermath of the news, Khosrowshahi also announced that Uber’s chief security officer Joe Sullivan had resigned with immediate affect, alongside two others, who, at the time of writing, had not been officially identified.
Back to the Future
“While I can’t erase the past,” Khosrowshahi continued, “I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Exact details of how the cyber attack happened have not been released, but according to a report by Bloomberg, the hack was reported to have been carried out by two hackers were able to access a private area of Github, an online resource for developers.
New York Attorney General Eric Schneiderman has now launched launched an investigation into the attack, and the company has also been sued for negligence by a customer seeking class-action status.
Irony. Isn’t it ironic.
At the time of the data breach in October of last year, Uber was, ironically, negotiating with US. regulators who were investigating privacy violation claims, and had just settled a case with the Federal Trade Commission over similar allegations. At the time, former CEO Travis Kalanick did not take the opportunity to admit or comment on the hack.
By way of recompense, Uber drivers have been offered free credit monitoring protection. Uber’s customers however, have so far been offered nothing.