Uber Pays Up Hackers to Hide Massive Breach

Chloe Brett November 22, 2017
Uber Pays Up Hackers to Hide Massive Breach

Uber Technologies Inc. paid hackers $100,000 to keep secret a massive breach last year that exposed the personal informations of accounts of the ride-service provider.

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm threw out its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

Discovery of the U.S. company's cover-up of the incident led to the firing of two employees responsible for its response to the hack, said Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

The hack is another controversy for Uber on top of sexual harassment allegations, a lawsuit alleging trade secrets theft and multiple federal criminal probes that culminated in Kalanick's dismissal in June.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Weber said it believes the information was never used, but declined to reveal the identities of the attackers.

Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring, Uber said.

"None of this should have happened, and I will not make excuses for it," Khosrowshahi said in a blog post.

Hackers have successfully broken into numerous companies in recent years. The Uber breach, while large, is dwarfed by those at Yahoo, MySpace, Target Corp., Anthem Inc.and Equifax Inc. What’s more alarming are the extreme measures Uber took to hide the attack.

Two hackers gained access to proprietary information stored on GitHub, a service that allows engineers to collaborate on software code. There, the two people stole Uber's credentials for a separate cloud-services provider where they were able to download driver and rider data.

A GitHub spokeswoman said the hack was not the result of a failure of GitHub's security.


You must be armed to the teeth with the best and most useful knowledge in trading. Visit Bworld Review to turn yourself into a sharper and wiser investor!

Chloe Brett
Trending

GET DAILY UPDATES

Sign up to our daily newsletter and get the latest scoop in the tech market!