Uber paid $100,000 for hackers' silence over huge data breach

Hackers stole 57 million drivers' and users' details, but Uber didn't say a word

Uber tried to hide a massive data breach, affecting 57 million drivers and users, the company has admitted.

The cover up involved payments of $100,000 (75,000) to the hackers, according to Bloomberg, which broke the news.

The breach happened in October 2016, and encompassed names, email addresses and phone numbers of over 50 million users of the service from around the world. Around 7 million drivers were also affected, with hackers accessing around 600,000 US driver's license numbers.

Advertisement - Article continues below

Reports claim Uber's former chief executive Travis Kalanick has known about the breach for over a year. Kalanick was forced out of the company in June, after months of controversies relating to sexism and poor working practices. He was replaced in August by former Expedia boss, Dara Khosrowshahi.

"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection," Khosrowshahi said in a statement.

"None of this should have happened, and I will not make excuses for it," he added. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."

Advertisement - Article continues below

In the wake of the revelation, Uber has fired its chief security officer, Joe Sullivan. The company has also set up pages for drivers and riders that may have been affected by the hack. These emphasise that the company has seen no evidence for fraud. It mentions that Uber will offer drivers free credit monitoring and identity theft protection, but doesn't extend this to users of the service.

Advertisement - Article continues below

"Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded," the page explains.

Two hackers managed to access a private GitHub site for Uber software engineers, according to Bloomberg. They were able to grab login credentials from there, which allowed them to access an Amazon Web Services account for Uber. There they found an archive of driver and user information, and blackmailed the company for money.

Uber has not had a great year, to put it mildly. The resignation of Kalanick was clearly intended to distance the company from mounting claims of allowing a sexist working environment, and came in the wake of reports that Uber's boss in Asia had been fired for obtaining medical records of a woman who had been raped by an Uber driver. The bad news has continued to amount since Khosrowshahi joined the company, however. The ride sharing company has lost its licence to operate in London, and recently lost an appeal in the UK over how its workers should be categorised.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


Business strategy

When the disruptors are disrupted

8 May 2020
Business strategy

Uber, WeWork cause SoftBank to lose 99% of quarterly profit

12 Feb 2020
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019

Most Popular


Apple confirms serious bugs in iOS 13.5

4 Jun 2020

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020