Uber paid hackers $100,000 to hide a major data breach, according to new reports. This breach affected 57 million accounts in 2016, the company stated, exposing phone numbers, rider names, and email addresses. In addition, more than half a million driver license numbers were accessed by the hackers, leaving all of the data — and the individuals it belonged to — at risk.
Uber isn’t the only company to be hit with a major data breach in recently years, of course, but the scandal of hiding it is a different matter altogether. The company has revealed that it has fired its deputy Craig Clark and chief security officer Joe Sullivan.
Fortunately, the hackers weren’t able to access more sensitive information, namely Social Security numbers. Uber customers who were exposed by the data breach will be notified in upcoming days, so be sure to check the email account with which you created your Uber account.
Though details are still rolling in, Bloomberg reports that the hack took place in October 2016. Uber’s new CEO Dara Khosrowshahi, who has the huge task of reversing Uber’s public image after a long series of scandals and criticisms, said, “None of this should have happened, and I will not make excuses for it.”
Rather than reporting the hack to regulators and disclosing it to customers, Uber paid the unnamed hackers $100k to delete the information and keep the matter under wraps. That payment was apparently effective as word of the breach is just now surfacing. New York’s Attorney General has already announced an investigation into the breach.
How did the process happen? The hacking duo are said to have infiltrated a GitHub destination that was being used by Uber engineers. That was used to nab login credentials that got them access to an AWS account where an archive with driver and rider data was found. Rather than releasing that data, the hackers emailed Uber requesting money over it.
SOURCE: Wall Street Journal