Car-hailing service provider Uber paid hackers US$100,000 (about HK$780,000) to conceal a massive breach in 2016, which exposed the data of around 57 million customers and drivers. The massive data breach was first reported by Bloomberg this Tuesday.
The news was then confirmed by the company, which explained that in October 2016, two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that Uber used.
Uber did not confirm details of the hack, but according to Bloomberg, two hackers accessed to a private area of Github, an online resource for developers, and found Uber’s log-in credentials to Amazon Web Services, a B2B cloud computing service that stores data.
The company’s former chief executive Travis Kalanick was informed of the hack about one month after it transpired, but it was not publicly announced, and was concealed by Uber’s chief security officer Joe Sullivan and his subordinates.
Following the news, it’s learned that Sullivan and one of his lieutenants were fired this week.
None of this should have happened, and I will not make excuses for it.
Uber’s chief executive Dara Khosrowshahi(pictured) explained in a release that the hackers found 57 million names, email addresses and mobile phone numbers, in which around 600,000 drivers in the pool had their names and license details exposed.
“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure,” Khosrowshahi said.
“Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded,” he added.
Khosrowshahi claimed that he, like everyone else, had the question why the company was “just talking about this now”, said he had asked for a thorough investigation of what happened and how they handled it, as well as prompted several actions.
“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi reassured.
This is not the first time Uber got involved in data breach. Earlier in January this year, Uber was fined US$20,000 for failing to disclose a comparatively less serious breach in 2014.