One Year Later, Uber Comes Clean On Hack Affecting 57 Million People

Ivan Schwartz
November 23, 2017

Bloomberg Technology reported Tuesday that Uber suffered a massive data breach in the fall of 2016 that exposed names, email addresses and phone numbers of 50 million customers worldwide as well as the personal information of an additional 7 million customers.

On Tuesday, Bloomberg revealed that Uber paid hackers $100,000 to hide a cyber attack that exposed the personal data of 57 million users of the app in October 2016.

"None of this should have happened, and I will not make excuses for it", Dara Khosrowshahi, who Uber named as CEO in September, said in a statement. He was not at the helm when it happened.

The hackers subsequently contacted Uber and demanded a $100,000 extortion fee to erase the data from their servers, a demand which the company agreed to, according to the report. The company even paid the hackers $100,000 to delete the data and keep quiet.

A collection of information of rider and driver was included in the AWS database which the hackers downloaded to ransom the company. After obtaining login credentials from that site, the attackers accessed data stored on an Amazon Web Services account where an archive of rider and driver information existed.

It may weigh on the company's valuation, now at about $70 billion, ahead of an initial public offering expected in 2019.

One of those actions was to terminate the two unnamed employees whose responsibility it was to respond security incidents, including the one that occurred in late 2016. Within hours of the disclosure, a customer filed a lawsuit seeking class-action status, and New York Attorney General Eric Schneiderman launched an investigation.

Hewlett Packard Enterprise -6% on Q4 beats, downside guidance, CEO change
The transaction was disclosed in a filing with the Securities & Exchange Commission, which can be accessed through this link . Hewlett Packard Enterprise Company (NYSE: HPE ) issued an update on its first quarter earnings guidance on Tuesday morning.

Officials remind drivers travel safely this Thanksgiving
More than 2.1 million Ohioans are planning to travel between Wednesday November 22, 2017 and Sunday November 26, 2017. Florida authorities are girding for the onslaught of motorists that take to the roads for the Thanksgiving holiday.

J&K: Three LeT Pakistani Terrorists Gunned Down in Handwara Encounter
His elder brother Musaib was killed in an encounter in the Hajin area of Bandipora district in January this year. Lakhvi is a top leader of the LeT and now serves as its "supreme commander" of operations in Jammu and Kashmir.

There was no indication that any fraud had taken place, Uber said in a statement.

The company's chief security officer Joe Sullivan has parted ways with the company following the announcement, the BBC reports. Regulatory authorities were being notified, the company added.

Uber has always failed to protect driver and passenger data.

If Uber wants to continue its rise across Europe, it has to reverse its attitude to hacks, come clean and work tirelessly to make its protections and reporting systems watertight, said Dean Armstrong QC, cyber law barrister at Setfords Solicitors.

The hack is another controversy for Uber on top of sexual harassment allegations, a lawsuit alleging trade secrets theft and multiple federal criminal probes that culminated in Kalanick's ouster in June.

In terms of scale, Uber's hack doesn't measure up to other major breaches.

Khosrowshahi inherited a litany of scandals and a toxic workplace culture when he replaced Kalanick.

Other reports by GizPress

Discuss This Article