Published: Thu, November 23, 2017
Finance | By Kristine Clayton

Uber Paid Hackers to Hide Exposed Data of 57 Million Users

Hackers have stolen personal data for 57 million Uber customers and drivers, the ride-hailing company said Tuesday.

Part of the reason nothing malicious has happened is that Uber acknowledges paying the hackers $100,000 to destroy the stolen information.

The real kicker is that Uber didn't disclose this breach at all.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday.

Uber said on Wednesday that it has been in touch with the U.S. Federal Trade Commission (FTC) and several states to discuss a hack the previous year that exposed data on millions of customers and drivers, the latest scandal to rock the ride-hailing firm. "Companies like Uber will not be able to hide the breaches of our personal data from us or face penalty", she said, without mentioning a sum for a European Union fine for Uber. Thus, instead of properly disclosing the breach, which it was under legal obligation to do, Uber paid the hackers $100,000 to delete the data and stay quiet.

Uber's former CEO Travis Kalanick, who was ousted in June of this year, reportedly knew about the hack shortly after it happened.

Although the Uber breach likely has global implications, its potential effect on Australian users and drivers led Pilgrim to quickly make enquiries with Uber, his office said in a statement.

News of the leak comes on the heels of revelations the Australian Broadcasting Corporation accidentally exposed an Amazon Web Services S3 bucket containing a large amount of user data - an error that also recently led to almost 50,000 Australians' PII being leaked online by a government contractor.

Khosrowshahi also said that he can't erase the past but the company will learn from its mistakes.

At the time of the data breach, Uber was negotiating with US regulators investigating separate claims of privacy violations.

Two hackers managed to access personal information they stole from a "third-party cloud-based service".

That pledge shouldn't excuse Uber's previous regime for its egregious behavior, said Sam Curry, chief security officer for the computer security firm Cybereason.

The Uber chief said he only recently learned that outsiders had broken into a cloud-based server used by the company for data and downloaded a "significant" amount of information.

Uber has always failed to protect driver and passenger data. Uber may have violated Californian breach disclosure laws as well. From there, the hackers discovered an archive of rider and driver information.

It's easy to look at the Uber data breach and its ensuing cover-up and localize it to Uber's rotten corporate culture. While Khosrowshahi is promising change, Kalanick's place in a leadership role serves as a reminder they are keeping someone who signed off on controversial issues tied to the company.
