Uber Data On 57 Million People Stolen In Massive Hack

November 22, 2017

from NPR:


The ride-hailing service Uber revealed that the personal information of 57 million people — both customers and drivers — was hacked last year and that the company kept the massive theft secret for more than a year.


Uber also paid the hackers $100,000 to delete the stolen data and stay silent about it.


The hack, first reported by Bloomberg, was confirmed in a blog post by Uber CEO Dara Khosrowshahi. He said that in 2016, the hackers obtained the names, email addresses and mobile phone numbers of 57 million Uber users. The driver's licenses of about 600,000 Uber drivers in the U.S. also were stolen.


Khosrowshahi said the company's outside forensics experts see no evidence that the hackers got access to Uber users' trip location history, credit card numbers, bank accounts, Social Security numbers or dates of birth.


The CEO said he had "recently learned" of the massive hack, but he wasn't more specific about what he knew and when.


A source close to the company confirmed to NPR that Uber officials paid hackers $100,000 to delete the data and keep the breach secret. The source also said chief security officer Joe Sullivan and one of his lieutenants were terminated this week.


However, Uber declined to confirm how it knew that the data was, in fact, deleted by the hackers.

As NPR's Aarti Shahani reported on All Things Considered, Sullivan was the apparent mastermind of the cover-up.


"He's a former federal prosecutor — a former public servant — and he had an interesting approach to his job. For example, he felt it was OK for Uber to start using the sensors on drivers' smartphones to track how they drive, how they perform on the job — even though many drivers were not aware of this practice and didn't like it. Turns out he didn't feel an obligation to disclose to them their data was taken either."


In his post, Khosrowshahi said that Uber is contacting all of the drivers whose driver's license numbers were downloaded and providing them with free credit monitoring and identity theft protection.


He also concluded with a contrite tone:


"None of this should have happened, and I will not make excuses for it. While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."


Share on Facebook
Share on Twitter
Please reload

Disclaimer: BDSC works hard to bring quality material to our members and provide proper credit to the original author(s) via links to sources. Since much of our website is made of user-generated content, we can't always verify these sources. If you believe we have used your copyrighted content without permission, send us an email and we will remove it immediately or provide proper attribution to the material (your preference).

September 21, 2018

Please reload

  • Facebook Social Icon
  • Instagram Social Icon
  • Pinterest Social Icon
  • Twitter Social Icon

Knowledge is Power