Might sound scary, but recently Uber Technologies confessed that they had paid hackers $100,000 to keep secret, a massive breach last year that exposed the personal information of about 57 million accounts of the ride-service provider.
To this, Uber chief executive Dara Khosrowshahi regarded in a statement acknowledging the breach and cover-up that, “None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes”.
Hackers stole all the personal data, including names, email addresses, and phone numbers, as well as the names and driver’s license numbers of about 600,000 drivers in the United States. However, the company assured that more sensitive information, such as location data, credit card numbers, bank account numbers, social security numbers, and birth dates, had not been compromised.
In regard to further justifications, Khosrowshahi regarded that the company had “obtained assurances that the downloaded data had been destroyed” and had improved its security. But, here the company’s “failure to notify affected individuals or regulators” had prompted him to take several steps, including the departure of two of the employees responsible for the company’s 2016 response. This included the Uber chief security officer Joe Sullivan, leaving the enterprise.
Regarding this breach by Uber, many have expressed their views, where an Uber driver in Pittsburgh, Robert Judge, regarded that, he had yet to receive any communication from the company, adding to it that, “The hack and the cover-up is typical Uber only caring about themselves. I found out through the media. Uber doesn’t get out in front of things, they hide them.”
However, Uber regarded in a statement to the drivers that, it would offer those affected free credit monitoring and identity theft protection.
According to Bloomberg, the breach occurred when two hackers obtained login credentials to access data stored on Uber’s Amazon Web Services account. Paul Lipman, CEO of cybersecurity firm BullGuard, regarded that the holding that the fact that the data was being stored unencrypted was “unforgivable”. To this, he added,“That’s just a complete misstep from an information security viewpoint”.
To this entire thing, a spokesperson confirmed that the New York state Attorney General’s office has opened an investigation into the data breach.
Lastly, Khosrowshahi regarded that he had hired Matt Olsen, former general counsel of the U.S. National Security Agency, to restructure the company’s security teams and processes. With this, the company also hired Mandiant, a cybersecurity firm owned by FireEye Inc to investigate the breach.