Uber has found itself in the midst of another mess that happened more than a year ago. It has been a data breach severe enough to have compromised the details of more than 57 million of its drivers and users worldwide.
If that is not enough, the ride hailing firm also tried to keep the hack a secret by striking a deal with the hackers, paying $100,000 to them in return for erasing all information that they had gained access to, Bloomberg reported. That again is in gross violation of existing laws that makes it mandatory for the company to report any hack of this massive a scale.
Uber said the details that the hackers managed to lay their hands on include the names, email addresses and phone numbers of its customers all over the world. Plus, they also had stolen the names, email ids of 7 million of Uber’s drivers worldwide, including the driver’s license numbers of around 600,000 in the United States.
The hack is believed to be the handiwork of just two individuals who didn’t attack any of Uber’s own facilities. Instead, they had gone for the Amazon Web Services cloud storage facility that Uber used to store its records. For this, they are known to have targeted a Github page that several of Uber’s IT engineers had set up,the login in details of which the hackers had managed to steal. They used the same to then break into Uber’s AWS facilities.
CEO Dara Khosrowshahi who is heading the company since September expressed disappointment at the hacking incident as well as the manner it was handled. The company has since sacked Joe Sullivan, the chief security officer who personally handled the entire hacking saga along with one of his deputies.
Khosrowshahi meanwhile assured both investors, drivers and customers that the company stands commited to do all that is needed to prevent a repeat of the same. He also announced all driver whose lincence details have been exposed stands to benefit from a free credit monitoring and fraud protection.