The personal data of least 57 million customers and drivers from the highly popular company Uber Technologies Inc. was stolen by hackers in October 2016 and the company not only paid the criminals who took their customers data but also subsequently illegally covered up the the hack itself.
News of the hack has reverberated around the world after a Bloomberg report revealed the stunning details and, in response, the company fired its chief security officer and one of his deputies for their role in what amounted to an illegal scheme to cover-up the hack that included a $100,000 payment to the hackers in return for a promise to “delete” the data and keep quiet about it.
According to Bloomberg:
Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday.
The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.
At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken.
Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.
Take note that at the time of the hack Uber was already dealing with investigations into privacy violations and news of a new hack would have been devastating for the company. It is also extremely unlikely that a hack of this magnitude was not known throughout the entire upper echelon of Uber. Make no mistake, this was a concerted effort and amounted to a crime under federal and state laws.
In a statement the companies new chief executive officer, Dara Khosrowshahi, (most likely worried about an impending federal investigation) said there were no excuses for Uber’s actions.
“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said. “We are changing the way we do business.”
The Bloomberg report continued:
Kalanick, Uber’s co-founder and former CEO, learned of the hack in November 2016, a month after it took place, the company said.
Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data. Kalanick declined to comment on the hack.
Joe Sullivan, the outgoing security chief, spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year.
Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.
Bloomberg also detailed exactly how the attack went down while revealing that the cover-up was indeed a crime:
Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company.
From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.
A patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur. Uber said it was obligated to report the hack of driver’s license information and failed to do so.
Amazingly, the company is apparently banking on a former general counsel at the National Security Agency, Matt Olsen, to restructure its security teams and ostensibly provide greater transparency.
Apparently Uber isn’t aware that the NSA is one of the most secretive organizations in the entire world.
Uber are just absolute pieces of shit! If someone in my company had done anything like this, he/she would be fired and face criminal charges. Why the f#$% hire someone like Uber to get you around? Save up some money and get your own car. Makes you wonder if that other cab service called Lyft isn’t the same way.
“save up some money and get your own car”
This sage advice from someone who buys second hand clunkers and pays a garage to repair them!
People use a taxi service for diverse reasons clunkhead! Could save you your licence (and lives). Saves long term parking fees at airports, gives the unskilled a wage (of sorts) etc. Think about it!
No doubt, BH. The title should read; “It’s no shock that another large company was caught doing damned illegal things to screw Americans.”
So Uber is asking the NATIONAL SECURITY AGENCY to help them? The same NSA everyone in the Beltway called No Such Agency? REALLY? They want NSA to help them get their shit together? Like the last sentence in the article says, NSA is one of the most secretive organizations in the world.
Yet ANOTHER mysterious Clinton death.What number is this one now? 896?
“…A wealthy Democratic mega-donor who co-founded the Ready for Hillary PAC, which helped launch Hillary Clinton’s 2016 campaign for the White House, has died of a gunshot wound to the head after “a sudden onset and battle with a mental health issue,” his family says.
Steve Mostyn, a 46-year-old Texas trial lawyer who reportedly contributed millions to pro-Clinton super PACs, was found dead in his Houston home on Nov. 15. Mostyn’s death was ruled a suicide by the Harris County Institute of Forensic Sciences. According to the New York Times, Mostyn’s wife, Amber, said her husband died after a “sudden onset (what ????) and battle with a mental health issue.”
Cited from http://www.wnd.com/2017/11/clinton-mega-donor-dies-of-gunshot-wound-to-head/
Snitch reporting agency Equifax knew about it’s breach for five months before the public found out. Nobody gave these snitch credit reporting agencies permission to have people’s personal information. They even have drivers license info on some consumers. Stop using credit and your score will go down and insurance will go up. Insurance companies benefit from this snitch scam.
Does anyone with more than half a brain believe that the Hackers “deleted” or rather “destroyed” the personal data from 57 million accounts, worth many tens of millions of dollars for a measly $100,000 ???
LMFAO !!! GMAFB !!! 🙂
When I was a kid, my parents taught me to never take rides from strangers.
What the fuck happened to this country?
The government IS NOT your parent. The government IS NOT God and never will replace God.
Maybe the “get their shit together ” is not that the NSA will help them prevent another hack, but show them how to make it so nobody can discover the hack.
Speaking as an IT – when the hell will people grasp just what the digital world is? It is data. Quadrillions, if not more, switches – registers of switches – banks upon banks of registers. And all that data has a value in terms of the information it represents. Its convenience is only to those who possess the data, can use, can manipulate and base economic desisions upon that data; not, to those who provide it. People think it is used by them to ‘connect’, to ease some task, to become more efficient. But all things have a price. In the digital world, you – your information – is the price you will pay.
Only a fool would believe that digital data is ‘deleted’. How stupid do they think Uber customers are? Oh…. makes perfect sense.
Under Communism, a given amount of people would be kept unemployed, or underemployed, and were thought to be pressured, by their desperate living situation, to take menial work, on demand. It was called the labor or industrial army.
Uber seems to have created a state monopoly, or has useful connections, at the top —
“the company is apparently banking on a former general counsel at the National Security Agency”
Yet, blame their problems on the itinerant savages, who work for them.
Why do you believe this was a leak, and the movement of funds was involuntary.