Uber gave hackers US$ 100,000 to conceal misappropriation of data which involved 57 million accounts
BEAM22 Nov, 2017
Uber acknowledged in a claim that 2 hackers attained access to 57 million personal user data located globally and some 600,000 US drivers' data, that was kept on a 3rd-party cloud storage. The on-demand ride hailing company held this secret for around 1 year.
The information of user account included names, email addresses and cellphone numbers; Uber stated that its own forensic team didn't suggest that other data like location history or credit card numbers were stolen. Hence, the company is not urging affected account holders to perform any measures to secure themselves at this moment.
Uber explained that it would inform drivers whose driver's licence info were stolen, and accommodate them with free credit tracking as well as identity theft protection.
However, in late 2016, Uber paid the hackers $100,000 in ransom to erase their copy of the stolen data; the company then made them sign Non-Disclosure Agreements and masqueraded the entire incident as part of a bug bounty program.
The data theft occurred during the tenure of ex-Chief Security Officer Joe Sullivan; formerly the Head of Security for Facebook.
Uber's former CEO Travis Kalanick had been removed from his role before this hack occurred and a successor hadn't yet been hired; he was serving on Uber's Board of Directors during the time.
This isn't actually the very first time Uber's been breached; it was attacked once in May 2014, when 50,000 drivers' information were stolen. Nevertheless, it's the very first major incident that recently appointed CEO Dara Khosrowshahi has had to resolve since he accepted the mantle at the end of August.