Uber Paid $100,000 Ransom To Hackers To Delete Stolen Data Affecting 57 Million Customers

Uber suffered a data breach back in October 2016 that affected tens of millions of people, and it is just now letting the public know about it, as 2018 rolls into view. This latest incident is yet another black eye for a company that has been beat up in the media over questionable decision making in the past, such as using special software to evade detection from authorities, but better late than never, right?

To be fair, this is not th fault of Uber CEO Dara Khosrowshahi, who recently replace Travis Kalanick as the ridesharing company's boss. And to Khosrowshahi's credit, he responded to knowledge of the security breach with the fury of someone who wants to make it clear that this kind of thing is unacceptable, and will not be tolerated.

Image Source: Wikimedia Commons (Dllu)

"You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it. What I learned, particularly around our failure to notify affected individuals or regulators last year, has prompted me to take several actions," Khosrowshahi stated in a blog post.

One of those actions was to terminate the two unnamed employees whose responsibility it was to respond security incidents, including the one that occurred in late 2016. Khosrowshahi has also asked for assistance from Matt Olsen, a co-founder of a cyberscurity consulting firm and former general counsel of the National Security Agency and director of the National Counter

According to Khosrowshahi, forensics experts have not seen any evidence that of trip location history, credit numbers, bank account numbers, Social Security numbers, or dates of birth being compromised. However, the database that was breached did contain names and driver's license numbers of around 600,000 drivers. Furthermore, it contained personal information of 57 million Uber users, including names, email addresses, and phone numbers.

What's especially troubling is the extent to which the two former employees allegedly went to cover up the incident. In total, they made $100,000 in payments to a pair of hackers, Bloomberg reports. The hackers pulled it off by accessing a private GitHub coding site used by Uber software engineers and stealing login credential, which were then used to access data stored on an Amazon Web Services account. After finding an archive of driver and rider information, the attackers emailed Uber demanding money.

Thumbnail Image Credit: Flickr (Elliot Brown)