Uber hid a security breach: even paid hackers $100,000

A CEO of Uber Dara Khosrowshahi (CEO since September) published an article in the Uber Newsroom. She begins with some inspirational words:

“<…> it’s my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of. For that to happen, we have to be honest and transparent as we work to repair our past mistakes.“

What on earth did she mean? Well, probably the massive security breach of Uber: it involved approximately 57 million users of this global transportation company. How did this information slip through the media and the clients themselves?

Uber hacked in 2016

The lack of coverage was simply because Uber never reported it. The popular pick up service probably saw Yahoo as a role model for the way data leakages are supposed to be dealt with.

When, how, and why? More information about the breach

Khosrowshahi explains that an organized attack against Uber had occurred in 2016. Two unknown hackers accessed some highly valuable information via a cloud-based service that Uber exploited. While the hack did not compromise users’ social security numbers, bank account numbers, credit card numbers, it did reveal some information about Uber’s clients.

600,000 names and drivers’ license numbers of people from the US were exposed. In addition to this, data about 57 million users from all over the globe was also obtained, specifically names, email addresses and mobile phone numbers. If a person values its private information, losing these details is difficult enough.

Then, Khosrowshahi quickly moves onto explaining the main changes that the company did to secure their data and their clients. The CEO appears to understand that the situation was not handled appropriately. In fact, she states that a few employees have even been fired.

To compensate for the unfortunate incident and silence about it, Uber is trying to notify all drivers who might have had their information leaked. In addition to this, the company is informing regulatory authorities. Lastly, Uber attempts to detect any attempts to explore the stolen data.

However, the Khosrowshahi’s article lacks one specific detail. She never mentions the $100,000 company had to pay hackers. This transaction was done to have hackers delete the data they stole. While this was done to secure clients’ security, it is unacceptable that the company hid the truth from its customers. In our opinion, Uber will have to regain the trust of its users. Actually, Khosrowshahi has the same idea:

“We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers“.

Hope it sticks.

Source: uber.com.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Security Guides

Recent Comments