Uber paid $100,000 to cover up 2016 breach exposing data of 57 million customers and drive...

Posted in General Discussion, edited November 2017
Uber on Tuesday became the latest tech firm to acknowledge a major hack of its systems that spilled data from 50 million customers and some 7 million drivers, a breach the company paid $100,000 to keep quiet.




The ride-hailing firm told Bloomberg that hackers gleaned rider names, email addresses and phone numbers in a successful attack dating back to 2016. Personal information of drivers, including about 600,000 U.S. driver's license numbers, was included in the stolen data cache.

Uber notes that social security numbers, credit card details, trip location and other sensitive information were not stolen in the hack.

According to the report, a pair of hackers infiltrated a private GitHub site used by Uber software engineers to gain access to login credentials that were subsequently used to access an Uber-assigned Amazon Web Services account. The AWS database included an archive of rider and driver information, which the hackers leveraged to ransom the company.

Uber was obligated to inform authorities of the breach, and alert drivers whose license information was stolen, but the company instead chose to pay the hackers $100,000 to delete the data.

"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals," said Uber CEO Dara Khosrowshahi. "We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts."

Then-CEO Travis Kalanick, who was ousted from his company earlier this year, was informed of the cyberattack in November 2016, approximately one month after it took place. Leading the clandestine action to keep the hack under wraps was chief security officer Joe Sullivan, who was hired from Facebook in 2015 to take over the company's security operations.

Sullivan and his team were behind a number of questionable decisions this year and are at the center of a probe commissioned by Uber's board. The investigation unearthed today's reported hack and subsequent attempt to cover it up.

In light of the revelations, Uber this week fired Sullivan and Craig Clark, a senior lawyer reporting to Sullivan, for their role in concealing the cyberattack.

Uber has since hired cybersecurity firm Mandiant to investigate the intrusion, and has hired Matt Olsen, a former general counsel at the National Security Agency, to assist in restructuring the company's embattled security teams.

Comments

  • Reply 1 of 24
    Uber is just flat out a morally bankrupt scumbag company. Hope it’s not too late for its new CEO to turn Uber’s image around.
    edited November 2017
  • Reply 2 of 24
    Soli Posts: 10,030 member

    Use Lyft or anyone but Uber.

  • Reply 3 of 24
    In the immortal words of Theodore Roosevelt, ``a well regulated capitalist system is the only capitalist system worth having.''
  • Reply 4 of 24
    This company should no longer be allowed to exist. Paying hush money to hackers to ensure that no bad news gets out that might interrupt their funding. 
  • Reply 5 of 24
    jbdragon Posts: 2,246 member
    In the immortal words of Theodore Roosevelt, ``a well regulated capitalist system is the only capitalist system worth having.''
    So you’re really saying you are a communist!  In a real capitalist market as we are already over regulated to hell, people will flee the service to someone else like Lyft.

    How the f are you going to regulate security?   The government has had many of its own leaks.  
  • Reply 6 of 24
    Soli Posts: 10,030 member
    jbdragon said:
    In the immortal words of Theodore Roosevelt, ``a well regulated capitalist system is the only capitalist system worth having.''
    So you’re really saying you are a communist!  In a real capitalist market as we are already over regulated to hell, people will flee the service to someone else like Lyft.

    How the f are you going to regulate security?   The government has had many of its own leaks.  
    1) No, because that's not capitalism, and I'm shocked that you think that having regulations means that it's equatable to communism.

    2) Security is filled with regulations and always will be. The Second Amendment literally has the word regulated and security in it.
    edited November 2017
  • Reply 7 of 24
    cgWerks Posts: 2,720 member
    Uber is just flat out a morally bankrupt scumbag company. Hope it’s not too late for its new CEO to turn Uber’s image around.
    No doubt. Hopefully it was a few people that can be gotten rid of, but I'm guessing it runs deeper. :(

    jbdragon said:
    So you’re really saying you are a communist!  In a real capitalist market as we are already over regulated to hell, people will flee the service to someone else like Lyft.
    Holy cow, do you need an Economics 101 course! (As do like 90% of our politicians.) :(
  • Reply 8 of 24
    jbdragon said:
    So you’re really saying you are a communist! 
    You have no idea what communism is. Not surprising at all, as Americans cannot even list the three branches of their own government without googling it. 
  • Reply 9 of 24
    jbdragon said:
    So you’re really saying you are a communist! 
    You have no idea what communism is. Not surprising at all, as Americans cannot even list the three branches of their own government without googling it. 
    IRS, Department of Defense, and Judge Judy? 
  • Reply 10 of 24
    Soli Posts: 10,030 member
    jbdragon said:
    So you’re really saying you are a communist! 
    You have no idea what communism is. Not surprising at all, as Americans cannot even list the three branches of their own government without googling it. 
    IRS, Department of Defense, and Judge Judy? 
    Steve Bannon, Rush Limbaugh, and Alex Jones?
    edited November 2017
  • Reply 11 of 24
    ktappe Posts: 808 member
    jbdragon said:
    So you’re really saying you are a communist!  In a real capitalist market as we are already over regulated to hell 
    Do you have any supporting evidence that we are "over regulated to hell"?  

    The Net Neutrality crisis pretty much obliterates your argument, BTW. Getting rid of the FCC regulations is what's going to consign us to hell.
  • Reply 12 of 24
    I’m sorry, but all data breaches PALE IN COMPARISON to the Experian failure... and that affected (and continues to affect) half of the US population. Until the rest of the US or perhaps the government and data of China are breached, Experian will remain the worst example of poor stewardship over private information.
  • Reply 13 of 24
    What are the chances that UBER will play by the rules from now on with new CEO?
  • Reply 14 of 24
    sergioz said:
    What are the chances that UBER will play by the rules from now on with new CEO?
    Probably close to zero

    -MAS 
  • Reply 15 of 24
    Soli Posts: 10,030 member
    I’m sorry, but all data breaches PALE IN COMPARISON to the Experian failure... and that affected (and continues to affect) half of the US population. Until the rest of the US or perhaps the government and data of China are breached, Experian will remain the worst example of poor stewardship over private information.
    Why are you sorry? What Experian breach? If you mean Equifax, why does that breach mean that the Uber breach isn’t an issue for customers and investors? Why does it have to be brought up at all or need anyone to point out that it’s not as bad as some other breach?
  • Reply 16 of 24
    cgWerks Posts: 2,720 member
    ktappe said:
    The Net Neutrality crisis pretty much obliterates your argument, BTW. Getting rid of the FCC regulations is what's going to consign us to hell.
    I'm not quite sure I'd go that far. Did the FCC regulations stop bad things from happening in the short time they've been in place? Possibly. But, they also didn't do nearly enough. They were kind of Net Neutrality Lite. Plus, they came with language which gave the gov't control over 'unlawful content.' There's also the problem of what you do with CDNs or how, for example, Netflix places caching units right at local ISP sites (which they pay for).

    So, while I'm 100% behind the general principles of net neutrality... it isn't as simple as it appears on the surface in terms of technical implementation. And, there's a big difference between net neutrality (the principle) and Net Neutrality™ the FCC plan.

    I’m sorry, but all data breaches PALE IN COMPARISON to the Experian failure... and that affected (and continues to affect) half of the US population. Until the rest of the US or perhaps the government and data of China are breached, Experian will remain the worst example of poor stewardship over private information.
    Oh yea... that, or maybe even Yahoo are worse. But, this is just another in a long line of Uber moral failures.

    sergioz said:
    What are the chances that UBER will play by the rules from now on with new CEO?
    What are the chances the moral failings were contained only to the CEO? I don't get that impression.
  • Reply 17 of 24
    Soli said:

    Use Lyft or anyone but Uber.

    Yeah, I don't get it.  They offer exactly the same service--with the same employees! (since many/most drive for both)--and people still blithely support the company with a deservedly terrible reputation.  Perhaps they should double down and hire Louis C.K. and O.J. Simpson to be their spokesmen.
  • Reply 18 of 24
    dysamoria Posts: 3,429 member
    jbdragon said:
    In the immortal words of Theodore Roosevelt, ``a well regulated capitalist system is the only capitalist system worth having.''
    So you’re really saying you are a communist!  In a real capitalist market as we are already over regulated to hell, people will flee the service to someone else like Lyft.

    How the f are you going to regulate security?   The government has had many of its own leaks.  
    Wow. Post-WWII anti-USSR propaganda really worked on you, didn't it? Someone makes a perfectly sane and rational suggestion to regulate our economy for the benefit of all of society and you habitually spit out "communist!!!" Stimulus-response. The Cold War propagandists couldn't have asked for better than you.

    How old are you? Are you old enough to have even been alive during the Cold War? If so, okay (so was I), but you need a serious education in... well, possibly a lot of things, but I recommend starting with what "communism" actually means.
  • Reply 19 of 24
    jbdragon said:
    In the immortal words of Theodore Roosevelt, ``a well regulated capitalist system is the only capitalist system worth having.''
    So you’re really saying you are a communist!  In a real capitalist market as we are already over regulated to hell, people will flee the service to someone else like Lyft.

    How the f are you going to regulate security?   The government has had many of its own leaks.  
    So much ignorance. 
  • Reply 20 of 24
    jbdragon said:
    In the immortal words of Theodore Roosevelt, ``a well regulated capitalist system is the only capitalist system worth having.''
    So you’re really saying you are a communist!  In a real capitalist market as we are already over regulated to hell, people will flee the service to someone else like Lyft.

    How the f are you going to regulate security?   The government has had many of its own leaks.  
    Go breathe the air in Beijing.  Go swim in the toxic waters of Chernobyl.  Go have a teaspoon of Roundup. Go research how unregulated British capitalists decimated Amazon tribes during the rubber boom.  Most regulations in the US and world were born of, indeed were reactions to inhumane capitalist acts.  You may remember that little situation that occurred in late 2008, just as the last Republican administration was finishing up, when about 22 Trillion in equity and property values evaporated?  Poor regulations!

    Trump supporters (Right?) seem only to understand first order cause and effect relationships.  NOTHING is that simple.  Complexity abounds and attempting to deny or dumb down or define it as “Fake” is typical behavior for a two year old.  

    In the end, the human adventure is an intelligence test.  
    Truth doesn’t require your belief to exist, but bullshit sure does.