Here’s this year’s yet another hacking chapter of hugely popular apps, and this time the victim is Uber, which lets you request rides for you and your friends. Hackers stole the personal data of 57Mn Uber users and drivers, a substantial breach that the company kept hidden for more than a year. This week, the ride-hailing firm fired its chief security officer Jeo Sullivan and one of his assistants for their role in keeping the Uber hack under wraps.
In the fall of 2016, two people outside the company made their way through the personal data of 50Mn Uber users across the globe. The stolen data includes names, email addresses, and phone numbers. The Uber hack also jeopardized the drivers’ license and other confidential information of about 7Mn drivers from Uber Technologies Inc. The firm stated that no credit card information, social security numbers, and trip location details were taken.
According to reports, the embattled company paid $100,000 to delete the stolen data and keep mum, rather than notifying regulators as well as the affected users. At the time of the incident, Uber was discussing with the U.S. regulators inspecting different claims of infringements.
The company now admits that it was its legal responsibility to report the Uber hack to regulators and drivers who license numbers were exposed. Although it believes the stolen data was never used, it refused to reveal the identities of hijackers. Dara Khosrowshahi, who was appointed as CEO in September, said in an emailed statement,
“None of this should have happened, and I will not make excuses for it. We are changing the way we do business.”
After Uber’s revelation, New York’s legal representative Eric Schneiderman started an analysis into the Uber hack. The ride-hailing mogul was also sued for negligence over the violation.
Here’s How the Uber Hack Went Down
The two-man hacker team accessed a private GitHub coding site used by software engineers. Then, attackers used login credentials they obtained and accessed data stored on Amazon Web Services account that handles computing tasks for the company. From there, they found an archive of rider and driver information. Afterward, they emailed Uber asking for money.
According to state and federal laws, it was the ride-sharing firm’s duty to alert people and government agencies when data breaches happen. It has earned a great reputation for providing door-to-door transportation ever since its inception. However, this Uber hack has put its reputation at a risk.
Cyber terrorists have successfully crept into various companies in recent years. Although the Uber breach massive, it’s dominated by infringes at MySpace, Yahoo, Anthem Inc., and Target Corp. What’s more shocking are the severe measures Uber took to conceal the hack.
The San Francisco-based company said it has also tightened security for its cloud-based storage systems. Uber will individually notify drivers whose license numbers were taken and also provide them with free credit-monitoring and recognize theft protection.
You may also like: Best Cyber Monday Deals 2017 You Don’t Want to Miss