Uber paid $100,000 for hackers' silence over huge data breach

Hackers stole 57 million drivers' and users' details, but Uber didn't say a word

Uber tried to hide a massive data breach, affecting 57 million drivers and users, the company has admitted.

The cover up involved payments of $100,000 (75,000) to the hackers, according to Bloomberg, which broke the news.

The breach happened in October 2016, and encompassed names, email addresses and phone numbers of over 50 million users of the service from around the world. Around 7 million drivers were also affected, with hackers accessing around 600,000 US driver's license numbers.

Reports claim Uber's former chief executive Travis Kalanick has known about the breach for over a year. Kalanick was forced out of the company in June, after months of controversies relating to sexism and poor working practices. He was replaced in August by former Expedia boss, Dara Khosrowshahi.

"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection," Khosrowshahi said in a statement.

"None of this should have happened, and I will not make excuses for it," he added. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."

In the wake of the revelation, Uber has fired its chief security officer, Joe Sullivan. The company has also set up pages for drivers and riders that may have been affected by the hack. These emphasise that the company has seen no evidence for fraud. It mentions that Uber will offer drivers free credit monitoring and identity theft protection, but doesn't extend this to users of the service.

"Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded," the page explains.

Two hackers managed to access a private GitHub site for Uber software engineers, according to Bloomberg. They were able to grab login credentials from there, which allowed them to access an Amazon Web Services account for Uber. There they found an archive of driver and user information, and blackmailed the company for money.

Uber has not had a great year, to put it mildly. The resignation of Kalanick was clearly intended to distance the company from mounting claims of allowing a sexist working environment, and came in the wake of reports that Uber's boss in Asia had been fired for obtaining medical records of a woman who had been raped by an Uber driver. The bad news has continued to amount since Khosrowshahi joined the company, however. The ride sharing company has lost its licence to operate in London, and recently lost an appeal in the UK over how its workers should be categorised.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Uber wins license to operate in London after ‘plugging IT gaps’
Policy & legislation

Uber wins license to operate in London after ‘plugging IT gaps’

28 Sep 2020
Uber claims it makes London "safer" in TfL licence battle
Policy & legislation

Uber claims it makes London "safer" in TfL licence battle

16 Sep 2020
Former Uber CSO charged for data breach cover-up
hacking

Former Uber CSO charged for data breach cover-up

21 Aug 2020
Court orders Uber and Lyft to consider drivers as employees
IT regulation

Court orders Uber and Lyft to consider drivers as employees

11 Aug 2020

Most Popular

Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020