The world-famous transportation technology company is in headlines again. However, this time not for a good cause but for the data breach that happened last year and was till date concealed.
Uber is accused of a massive data breach that took place last year in October. It is reported that personal data of 57 million drivers and customers were compromised by hackers. To our amusement, Uber instead of announcing the data breach paid hackers a massive amount of $100,000 as ransom to delete the data compromised and not to disclose the incident.
The information that was compromised in this breach includes personal data of 50 million customers such as names, phone numbers and email addresses. It is also revealed that 7 million Uber drivers also suffered the attack including the license numbers of almost 600,000 U.S. driver’s license numbers.
Must Read: 10 Biggest 21st Century Data Breaches
It is however confirmed by Uber that no information such as credit card information, social security numbers, location details about the trips and such was compromised or leaked.
How Did It Happen?
As per Uber, the data breach did not happen directly on their system, rather their systems were accessed in an unauthorized manner by two outside individuals who somehow managed to steal the data of 57 million users. It is said that all the data was stored on a third-party cloud-based service from where it was stolen.
It is informed that the attackers illegitimately accessed the private GitHub coding site that Uber used. Both the hackers stole the login credentials of the coding site and then stole all the information that was stored on the Amazon Web services account. After stealing the information hackers then demanded ransom from Uber.
Why Was It Kept Secret?
Former CEO Travis Kalanick was made aware of the incident in 2016, but the company at that time was negotiating with U.S regulators, Federal Trade Commission(FTC) on some privacy claims. Henceforth, they decided to keep this data breach undisclosed and paid attacker a ransom amount of $100,000.
It is reported that two Uber officials namely Uber Chief Security Officer Joe Sullivan and Craig Clark were the main culprits who managed to hide this data breach and are now fired.
As stated by Dara Khosrowshahi, CEO of Uber, “None of this should have happened, and I will not make excuses for it. While I cannot erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,”
“We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
The company also quoted “no evidence of fraud or misuse tied to the incident.” It is also said that the company is providing credit protection monitoring and identity theft protection to the drivers whose data is said to be compromised.
As per company officials, accounts affected are being scrutinized and the drivers are requested not to lodge any complaints or to take any actions.
For users like us, we guess resetting the account credentials is a way around for the time being.