Uber paid $100,000 to cover up 2016 breach exposing data of 57 million customers and drive...
Uber on Tuesday became the latest tech firm to acknowledge a major hack of its systems that spilled data from 50 million customers and some 7 million drivers, a breach the company paid $100,000 to keep quiet.
The ride-hailing firm told Bloomberg that hackers gleaned rider names, email addresses and phone numbers in a successful attack dating back to 2016. Personal information of drivers, including about 600,000 U.S. driver's license numbers, was included in the stolen data cache.
Uber notes that social security numbers, credit card details, trip location and other sensitive information were not stolen in the hack.
According to the report, a pair of hackers infiltrated a private GitHub site used by Uber software engineers to gain access to login credentials that were subsequently used to access an Uber-assigned Amazon Web Services account. The AWS database included an archive of rider and driver information, which the hackers leveraged to ransom the company.
Uber was obligated to inform authorities of the breach, and alert drivers whose license information was stolen, but the company instead chose to pay $100,000 to delete the data.
"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals," said Uber CEO Dara Khosrowshahi. "We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts."
Then-CEO Travis Kalanick, who was ousted from his company earlier this year, was informed of the cyberattack in November 2016, approximately one month after it took place. Leading the clandestine action to keep the hack under wraps was chief security officer Joe Sullivan, who was hired from Facebook in 2015 to take over the company's security operations.
Sullivan and his team were behind a number of questionable decisions this year and are at the center of a probe commissioned by Uber's board. The investigation unearthed today's reported hack and subsequent attempt to cover it up.
In light of the revelations, Uber this week fired Sullivan and Craig Clark, a senior lawyer reporting to Sullivan, for their role in concealing the cyberattack.
Uber has since hired cybersecurity firm Mandiant to investigate the intrusion, and has hired Matt Olsen, a former general counsel at the National Security Agency, to assist in restructuring the company's embattled security teams.
Comments
Use Lyft or anyone but Uber.
How the f are you going to regulate security? The government has had many of its own leaks.
2) Security is filled with regulations and always will be. The Second Amendment literally has the word regulated and security in it.
Holy cow, do you need an Economics 101 course! (As do like 90% of our politicians.)
The Net Neutrality crisis pretty much obliterates your argument, BTW. Getting rid of the FCC regulations is what's going to consign us to hell.
-MAS
So, while I'm 100% behind the general principles of net neutrality... it isn't as simple as it appears on the surface in terms of technical implementation. And, there's a big difference between net neutrality (the principle) and Net Neutrality™ the FCC plan.
Oh yea... that, or maybe even Yahoo are worse. But, this is just another in a long line of Uber moral failures.
What are the chances the moral failings were contained only to the CEO? I don't get that impression.
How old are you? Are you old enough to have even been alive during the Cold War? If so, okay (so was I), but you need a serious education in... well, possibly a lot of things, but I recommend starting with what "communism" actually means.
Trump supporters (Right?) seem only to understand first order cause and effect relationships. NOTHING is that simple. Complexity abounds and attempting to deny or dumb down or define it as “Fake” is typical behavior for a two year old.
In the end, the human adventure is an intelligence test.
Truth doesn’t require your belief to exist, but bullshit sure does.