Uber Paid Hackers $100,000 To Cover Up Data Breach Of Over 5 Crore Passengers And Drivers

The Logical Indian Crew

November 22nd, 2017 / 7:01 PM

Uber

Courtesy: The Reuters, Bloomberg and The Guardian | Image Credits: Hotel Business

According to a report by The Reuters, Uber Technologies Inc. paid hackers $100,000, to keep secret a massive breach last year that exposed the personal information of over 5 crore accounts of passengers and riders, the company said on Tuesday.

Uber concealed the hack which had affected 57 million customers and drivers for more than a year. This week, the cab-hailing firm ousted its chief security and one of his deputies for their roles in keeping the hacks undercover, including the payment to the hackers.


What is the data breach

Compromised data from the breach included names, email addresses and phone numbers of over 50 million Uber riders from around the world. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

At the time of the hacking incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and drivers whose license numbers were taken. The company had, however, paid the hackers and kept quiet about the breach.

Uber claims that the information was never been used and they declined to disclose the names of the hackers.

In a report by the Bloomberg, Dara Khosrowshahi who took over as Chief Executive Officer in September said, “None of this should have happened and I will not make excuses for it,” said in an email. He said that he had recently learnt about the hack. He further added, “While I can’t erase the past, I can commit on behalf every Uber employee that we will learn from our mistakes. We are changing the way in which we do business. We are putting integrity at the core of our every decision we make and working hard to earn the trust of our customers.”

Although payment to hackers is rarely publicly discussed, U.S. Federal Bureau of Investigation officials and private security companies have told Reuters that an increasing number of companies are paying criminal hackers to remove stolen data. Uber has a history of failing to protect customer and driver’s data. Hackers previously stole information about Uber drivers and the company acknowledged in 2014 that its employees had used a software called “God View” to track passengers.


How was the information hacked?

Two hackers got access to proprietary information stored on GitHub. The GitHub is a service which allows engineers to collaborate on software code. Uber said the two hackers stole its  credentials for a separate cloud-service provider from where they were able to download rider’s and driver’s data. A spokesperson from the GitHub said that it was not the failure of GitHub’s security which lead to the hack.

This hack comes as another controversy on top of allegations about sexual harassment and a lawsuit alleging theft of trade secrets. These multiple federal culminated probes resulted in Travis Kalanick’s expulsion in June from the $68 billion startup Uber.


Filing a lawsuit

After Uber disclosed the news on Tuesday, New York Attorney General Eric Schneiderman launched an investigation into the hack, said a report by the Bloomberg. His spokeswoman Amy Spitalnick said, that the company was sued for negligence over the breach by a customer seeking class-action status. “Uber failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach,” according to a complaint filed Tuesday in a federal court in Los Angeles. The lawsuit seeks to represent all Uber drivers and customers in the U.S. whose information was stolen.

Representatives of the San Francisco-based company didn’t immediately respond to a request for the comment on the lawsuit.

According to a report by The Guardian, an Uber driver in Pittsburgh, Robert Judge said, “The hack and the cover-up are typical Uber, only caring about themselves. I found out through the media. Uber doesn’t get out in front of things, they hide them.”

Uber assured that its passengers need not worry as there was no evidence of fraud. Uber also said that drivers whose license numbers have been stolen would be offered identity theft protection and credit monitoring.

The Logical Indian community condemns Uber’s act of covering up the data breach. This data breach can pose a threat to millions of drivers and riders who use the app on a daily basis for their commute.


Contributors

Written by : Swarnami Mondal (Intern)

Edited by : Bharat Nayak

Share your thoughts..

Related Stories

Aadhaar Data Leak Challenge

Ethical Hackers Dig Out TRAI Chief’s Personal Data, Deposits Re 1 In Bank Account Too

5.6 Lakh Indian Users Affected By Data Breach; Facebook Introduces Tools For Users To Secure Data

Narendra Modi App Shares Users’ Personal Data With US Firm, Discreetly Changed Privacy Policy After Allegations Of Breach

Ola & Uber Drivers On An Indefinite Strike From Today In Major Cities

virtual id

Amid Allegations Of Data Breach, UIDAI Introduces 16-Digit Virtual ID To Address Privacy Concerns

Rs 30K Crore Maharashtra Farmers’ Loan Waiver Still Unpaid; Banks Hired Students To Enter Data, Risking Breach

Latest on The Logical Indian

Get Inspired

IndiaSkills 2018: An Opportunity For Professionals To Show Their Workplace Skills

Exclusive

Nagaland: “Police Ke Pathshala” For Students To Combat Cybercrime And Social Media Vigilantism

My Social Responsibility

These Two Friends Started Goa’s First Zero-Waste Store To Beat Plastic Pollution At Its Root

News

SC/ST Quota In Job Promotions: Supreme Court Refuses To Refer Case To Larger 7-Judge Bench

News

Public Has Right To Know; Supreme Court To Live Stream Court Proceedings

News

Delhi Ranked 6th In The List Of Fastest Growing, Best Performing Metro Cities In The World: Study

x

Stories that deserve attention, delivered to your inbox!

Handpicked, newsworthy stories which deserve the attention of a rational generation.