Hackers worked their way into Uber's rider service database and stole the personal information of 57 million customers and drivers. To make matters worse, Uber kept the breach concealed from the public for over a year.
Why does this news belong here? Cybersecurity is no joke; protect your business. Learn from the mistakes of others. Need help? I work with multiple cybersecurity firms.
This week, the ride-hailing firm let the cat out of the bag about the part the company's chief security officer and one of the deputies played in keeping the massive hack under the radar, which included a whopping $100,000 hush-money payment to the attackers.
Information compromised in the October 2016 attack included the names, email addresses and phone numbers of over 49 million riders around the world. Information on some seven million drivers was stolen as well, including over 600,000 driver's license numbers belonging to drivers in the U.S.
Was your information compromised in the Uber breach?
The company claims no credit card information, Social Security numbers or trip location details were compromised. However, this claim has not been verified.
What Should You Do?
- Keep an eye on the credit card or PayPal accounts linked to Uber for unusual activity
- Consider a freeze on your credit report until more information becomes available
At the time the incident is alleged to have happened, Uber was in heavy negotiations with U.S. regulators, who were investigating separate privacy violations.
Uber now says it has a legal obligation to report the massive hack to regulators and to the drivers whose license numbers were stolen. Rather than doing so, Uber paid the hackers $100,000 in hush money to keep the breach quiet and delete the data. Uber said it is confident the information was never used, but refused to reveal the identities of the hackers.
After today's disclosure, Eric Schneiderman, the attorney for Uber, launched an investigation into the breach. The company has also been sued for negligence over the breach by one customer seeking class-action status.
It is no secret that hackers have penetrated numerous businesses in recent years. The Uber security breach, while significant, is dwarfed by those at Anthem, Target, MySpace, and Yahoo. The more alarming part is the lengths to which Uber went to hide the attack from the public.
Travis Kalanick, the former CEO, was told of the breach in November 2016, one month after it happened, the company said. Uber had just resolved a lawsuit with the New York attorney general over data security leaks and was in negotiations with the Federal Trade Commission. The suit was due to the mishandling of customer data.
How did this Uber hack happen?
Here's how the hack took place: Two hackers gained access to a private GitHub coding site used by Uber's engineers, using login credentials they had somehow obtained. This access led them to data stored on an Amazon Web Services account that handled computing tasks for the company. Next, the hackers discovered a library of driver and rider data.
At this point, they contacted executives asking for a payout.
A patchwork of federal and state laws requires corporations to alert government agencies and the people affected when there is a data breach. Uber revealed it is also supposed to report the theft of driver's license numbers. However, it failed to do so.
“When the incident happened, we took necessary immediate actions to secure the data and shut down additional illegal access by these individuals,” Khosrowshahi said. “We have employed security actions to confine access to data as we strengthen the control on Uber’s cloud-based storage accounts.”
So What Now For Uber After this Massive Hacking?
Uber has garnered a tainted reputation for violating regulations in the places where it has operated since 2009. The U.S. alone has at least five open criminal investigations for alleged illicit bribes and theft of IT property. Those familiar with the issues claim the San Francisco-based business also faces several civil suits.
The U.K. National Crime Agency is also investigating the severity of the breach. Other government authorities, including London's, have previously taken steps to ban the service, due to what they feel is careless behavior by Uber.
Read the official Uber statement here: https://www.uber.com/newsroom/2016-data-incident