After year of keeping it secret by hiding information from the public on the data theft that led to over 57 million Uber accounts breached, Uber finally opened up and confirmed that a massive data breach took place late 2016 where the hacker(s) involved stole personal information of both riders and drivers of the company.
The ride- hailing company kept the data theft a secret from the general public for a year after they paid the hackers $100,000 to keep the massive data breach of over 57 million accounts a secret. Uber New CEO Dara Khosrowshahi wrote in a blog post explaining in details what happened with the security incident. The post reads “I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure.”
The CEO;s statement also explained that there was no indication that the hackers accessed riders details like trip history, bank account details, date of birth or even social security number because such detail if beached would have made the incident more serious but the company insisted that none of the above details were hacker during the data theft.
According to the post, names and driver’s license number of over 600,000 drivers in United States were stolen and personal information of over 57 million Uber users around the world was also stolen and the information stolen includes names, email addresses, and personal phone numbers of users.
Uber also said that, “the hackers were able to download files containing a significant amount of other information,” though it does not go into detail what this ‘other information’ happens to be. The company claims it has took “immediate steps to shut down and secure the data to prevent further unauthorized access by the hackers.” It also adds that they “obtained assurances that the downloaded data had been destroyed.”
Uber added that they have contacted Matt Olsen on a way forward with data security. Matt Olsen is the co-founder for a cyber security consulting firm and he is also the former general counsel of the national security agency and the director of National Counterterrorism Centre.
The company said it will “individually” alert all drivers whose license number were hacked and downloaded and also give them free credit monitoring and identify theft protection and if any affected users should notice signs of fraud on their hacked account should immediately report or alert them.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
