Hackers managed to steal personal data from 50 million passengers and 7 million Uber drivers. The incident occurred in 2016, but it has only recently become known. The attackers demanded $100,000 from Uber....
Hackers managed to steal personal data from 50 million passengers and 7 million Uber drivers. The incident occurred in 2016, but it has only recently become known.
The attackers demanded $100,000 from Uber. The company agreed to pay them off and decided to hide the theft of user's data from the public.
Two hackers were able to access the private archives of Uber developers on the GitHub server. Among other things in the archives, they found credentials to the cloud service Amazon Web Services where the company stored confidential user data.
The company reports that data, which if disclosed could cause direct financial damage to users such as bank card and account numbers, remained safe. The intruders got names, e-mail addresses, mobile numbers, and driver's license numbers - but the company insists that they did not have time to use the information.
In a statement, Khosrowshahi reports that two employees responsible for security have already been dismissed. One of them is Joe Sullivan, the head of the security department.
"None of this should have happened, and I will not make excuses," added Khosrowshahi. The CEO also vouched for all Uber employees and promised to "learn from the mistakes."
Uber turned to Mandiant to investigate the hacking, a company that specializes in cyber security. Under U.S. law, Uber had to notify its users about the leakage of personal data. The company admits that they should have reported the incident but they say they saw no signs of hacking and therefore could not react.
According to journalists from The New York Times, the company agreed to sign a nondisclosure agreement with the hackers and gave them a ransom as a reward for finding the bug.
This is not the first time that a scandal involving user data has been associated with Uber. Before that, it became known that the Uber application can capture everything that happens on the screen of an iPhone user. The developers were quick to assure that this was done to improve the display of maps on smart watches from Apple.
Share this with your friends!