Cybersecurity

Uber admitted to covering up massive data breach

Published 22 November 2017

Uber’s chief executive posted a message on the company’s blog, admitting that an October 2016 cyberattack allowed the hackers to collect personal information like names, driver license numbers, email addresses, phone numbers and more on 57 million Uber users and drivers around the world, including 600,000 Uber drivers in the U.S. The company paid the ransom the hackers demanded; asked them to sign a nondisclosure agreement and keep quiet about the breach; and then dressed up the breach as a “bug bounty,” the practice of paying hackers to test the strength of software security.

The U.K. Information Commissioner’s Office has said that it has “huge concerns” relating to Uber’s cover-up of a massive data breach which was revealed this week.

Uber admitted on Tuesday that it had covered up the cyberattack that exposed the data of some 57 million combined drivers and passengers.

Uber then paid the ransom demanded by the hackers in order to prevent the release of the stolen data.

Uber chief executive Dara Khosrowshahi posted a message on the company’s blog, saying that an October 2016 cyberattack allowed the hackers to collect personal information like names and phone numbers of Uber users worldwide.

He said two unnamed people outside the company had “inappropriately accessed user data stored on a third-party cloud-based service,” without breaching Uber’s internal systems.

“Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded,” he added.

DW reports that the stolen data included the names and license numbers of about 600,000 drivers in the United States, as well as unidentified “personal information,” including names, email addresses, and mobile phone numbers, on 57 million drivers and users around the world, a figure that includes the drivers described above.

“We took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. 

“We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

The New York Times reported that those responsible were pressured to sign nondisclosure agreements in order to prevent news of the breach from getting out.

says that Uber executives had then dressed up the breach as a “bug bounty,” the practice of paying hackers to test the strength of software security.

Affected accounts have been flagged for additional fraud protection, Khosrowshahi said.

“None of this should have happened, and I will not make excuses for it,” he wrote.