Uber has revealed that it kept a 2016 hack affecting 57 million customers and 7 million drivers under wraps. The ride-hailing startup has confirmed that it paid $100,000 to attackers to plug the leak.
Uber has revealed that it paid $100,000 to hackers who stole personal data of 57 million customers and 7 million drivers in 2016. The company had kept details of this massive breach of its platform under wraps for more than a year. Uber is now coming clean on this security breach by revealing that some personal information of 57 million Uber users and 7 million drivers around the world was exposed. It adds that information included names, email addresses and mobile phone numbers. The hackers also got hold of names and drivers' license numbers of around 6,00,000 drivers in the United States.
The information regarding this breach from more than a year ago came in the form of an official blog post from new Uber CEO Dara Khosrowshahi. Khosrowshahi writes that two individuals outside the company had inappropriately accessed the user data stored on a third-party cloud service used by the company. He adds that outside forensics experts have verified that hackers did not have access to information like trip location history, credit card numbers, bank account numbers or social security numbers of its US customers. The incident also did not breach its corporate system or infrastructure.
In the light of this breach, Uber took steps to secure the user data and shut down further unauthorised access to its system by the individuals. It also identified the individuals and obtained assurances that the data accessed by them had been destroyed. "We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts," Khosrowshahi wrote in his post.
Uber, the ride-hailing startup has ousted Joe Sullivan, its Chief Security Officer and another executive for not disclosing the hack. The company has also taken efforts to ensure that such a breach doesn't occur in the future and is individually notifying the drivers whose license numbers were accessed by the attackers. It is also notifying the regulatory authorities about the leak and Bloomberg reports that New York Attorney General Eric Schneiderman has also initiated an independent investigation into the hack.
Uber has had a relatively tough year with its co-founder and CEO Travis Kalanick being forced to leave the company after reports emerged about his misconduct and toxic workplace culture. In the past year, Uber's attempt to fool Apple by geofencing its campus and running controversial 'Hell' tracking program have also come into light.
Since taking over as CEO in September, Khosrowshahi has tried to set the records straight and change the culture. "None of this should have happened, and I will not make excuses for it," he says in the blog post. Uber is embroiled in multiple lawsuits in New York and its service has been suspended by London with other governments expected to follow suit as well. The new revelations are expected to complicate the matters further especially in times when the company is seen to have changed the course of law.