Uber hid the personal data breach of 57 million users and drivers
Uber has just revealed that a cyber attack caused the data leak of more than 57 million customers and drivers in October 2016. At the time, former CEO Travis Kalanick and Chief Security Officer Joe Sullivan paid 100,000 dollars to hackers to have the stolen data erased and did everything to cover it up.
In 2016, hackers stole the personal data of more than 57 million Uber Technologies Inc. customers and drivers. The names, email addresses and phone numbers of more than 50 million Uber customers worldwide were leaked , as well as the personal information of 7 million drivers including the driver’s license numbers of 600,000 American drivers. The firm said the data was never used. Uber also confirms that social security numbers, credit card information and details of errands have not been stolen.
Uber paid hackers $ 100,000 to cover up this massive data breach
In detail, two hackers reached the private GitHub site used by Uber software engineers, then used the identifiers retrieved from this site to access the data stored on the Amazon Web Services account used by the firm . This is how cybercriminals got their hands on an archive containing information on drivers and customers. They then contacted Uber to demand a ransom.
For more than a year, the firm hid this data leak, but the truth has just come to light. Uber ended up revealing this dark matter to the American site Bloomberg on its own. Following this revelation, the Chief Security Officer of Uber, Joe Sullivan, has just been fired like one of his subordinates. The two men are accused of having played a key role in the affair, and in particular of having paid 100,000 dollars to the hackers, whose identity Uber refuses to reveal the identity .
Joe Sullivan joined Uber in 2015 after previously working for Facebook Inc. At the heart of previous controversies that struck Uber, Sullivan and his security team were investigated by the board of directors . It was this investigation that uncovered the existence of this data leak and the schemes implemented to hide its existence.
New Uber CEO inherits scandal hidden by predecessor
Dara Khosrowshahi, CEO of Uber since September, recognizes that all these events should never have happened and will not look for excuses. The business manager specifies however that the firm is changing its business model so that this kind of incident never occurs again. Khosrowshahi also claims that the firm directly secured access to the data as soon as the leak occurred. The cloud security Uber was also strengthened following the incident. In any event, a class action has been launched against Uber for negligence towards its customers.
This is not the first time that a large American company has been the subject of a data leak. In the past, companies such as Yahoo, Myspace, Target Corps, Anthem Inc and Equifax Inc have also experienced such incidents. However, the scale of the leak, and especially the measures taken by Uber and the CEO at the time Travis Kalanick to cover up the cyber attack are extremely serious. The co-founder and former CEO of Uber, Kalanick, would have learned of this leak in November 2016, a month after the attack. The man today refuses to comment on the case.