Uber breach hidden for a year
On Tuesday 21 November 2017 Uber officially annouched that the company had a breach in October 2016 where 57 Million records of Drivre and customer data was stolen.
It includes email addresses, phone numbers, license plate numbers of 600,000 drivers and 57 Million Uber users.
57 Million Customer and Drivers data stolen
Instead of publickly exposing the compromise Uber decided to pay the two hackers $100,000 in ransom who had hacked the company to keep the whole incident secret and delete all information.
This has been revealed by a new report coming out by Bloomberg.
Uber in defense says no systems where breached but the two individuals from the outside without permission accessed and downloaded 57 million Uber users and drivers data via a third party cloud based system.
In the United States at least the license plate numbers of 600,000 Drivers where exposed.
Further more emails, mobile call numbers and names of 57 million Uber users world wide including drivers.
Former CEO Travis Kalanick learned of the compromise in November of 2016 when negotiating with the Federal Trade Commission (FTC) on a privacy settlement.
Instead the company paid the two hackers $100,000 to keep the thing hidden and delete all information.
Uber Technologies Inc. Only Officially notified the FTC about the October 2016 compromise this week on Tuesday 21 November 2017 after the breach was made public by bloomberg.
The secret payment cost the Uber security chiefs their jobs by getting fired for mis handling the incident.
Now the new Uber CEO Dara Khosrowshahi has asked for resignation of Uber CSO Joe Sullivan & another of his deputies Craig Clark who was implicated in keeping the incident attack quiet.
According to Khosrowshahi This should have happeneded & they will not make any excuses for the past.
They are now changing how they do business by putting integrity on code of key decision to gain trust of the customers.
Uber is giving free credit to the affected drivers.
Uber will likely force their customers to reset the password for the app though.