Uber Paid Hackers to Delete Stolen Data and to Keep Silent: New Uber Scandal
Reports about an alleged hacking incident involving Uber Technologies Inc. are currently hitting the headlines.
It has been reported that hackers had stolen personal data of millions of Uber customers and drivers and also that Uber paid the hackers money to delete the stolen data. It’s also reported that Uber has sacked people who kept the hack a secret for over a year.
Bloomberg has come out with a report titled ‘Uber Paid Hackers to Delete Stolen Data on 57 Million People’, which says: “Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year.”
The report further says: “This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.”
The Bloomberg report is apparently based on an Uber release, authored by Dara Khosrowshahi, who took over in September as the new CEO. Dara Khosrowshahi writes: “I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure. Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded.”
It was in October 2016 that the hacking incident happened. The hackers got away with names, email addresses and phone numbers of 50 million Uber riders around the world. They also stole personal information of about 7 million Uber drivers, which includes, as per reports, some 600,000 U.S. driver’s license numbers.
Bloomberg reports that the hacking incident happened at a time when US regulators were investigating separate claims of privacy violations and Uber was negotiating with them. The company had a legal obligation to report the hack to the regulators as well as to the drivers whose details the hackers had stolen. Instead, Uber chose to pay the hackers a hefty sum to get all stolen data deleted and to keep mum about it.
A detailed report on the Uber hack published by Edgy Labs says that the ousted CEO of Uber, Travis Kalanick, was part of all that had happened. The Edgy Labs report says: “The new Uber scandal also exposes the participation of Travis Kalanick, the ousted CEO of Uber, and the company’s Chief Security Officer, Joe Sullivan. Current and former employees of the company who spoke on the condition of anonymity confirmed that Sullivan arranged the deal under Kalanick’s watch.”
The new CEO, Dara Khosrowshahi, has reportedly taken several actions after learning of the security incident. These include structuring Uber’s security teams and processes, individually notifying drivers whose license numbers were downloaded, providing the drivers with free credit monitoring and identity theft protection, and notifying regulatory authorities.
Dara Khosrowshahi says: “None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.