Uber has admitted that back in 2016, two hackers stole email address and phone numbers of Uber passengers as well as the license plates from US drivers. The ridesharing giant says that no credit card information, location data, or social security information was stolen.
Uber defended the attack by paying the hackers $100,000 to delete the data and brush it under the rug. Bloomberg reports: "Uber said it believes the information was never used but declined to disclose the identities of the attackers". Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement to Bloomberg: "None of this should have happened, and I will not make excuses for it. We are changing the way we do business".
Travis Kalanick, Uber co-founder and former CEO knew of the attacks last year, he said: "Here's how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company".
But don't worry, Uber said it took the appropriate steps to lock down users' data to prevent future attacks.
Uber has released a statement in the meantime, with an apology:
You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it. What I learned, particularly around our failure to notify affected individuals or regulators last year, has prompted me to take several actions:
- I've asked Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help me think through how best to guide and structure our security teams and processes going forward. Effective today, two of the individuals who led the response to this incident are no longer with the company.
- We are individually notifying the drivers whose driver's license numbers were downloaded.
- We are providing these drivers with free credit monitoring and identity theft protection.
- We are notifying regulatory authorities.
- While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection
TT Show Episode 31 - AI-Powered iPhone and PS5 Pro and an AI-Generated Romantic Comedy
NASA is about to make Treasure Planet real with a solar sail mission
AI discovers famous painting wasn't entirely painted by the credited artist
Dubai government responds to claims cloud seeding caused historic flooding
Elgato announces new Neo range that includes plug-and-play Wave, Facecam, Stream Deck, and more
FlexiSpot C7B-Mesh Ergonomic Office Chair Review
Samsung G8 34-inch QD-OLED Gaming Monitor Review - 175Hz for $900
ASRock NUCBOX-155H Mini PC Review
NuPhy Air96 V2 Wireless Mechanical Keyboard Review
TEAM T-FORCE Siren DUO360 RGB Liquid CPU Cooler Review
AVerMedia Live Streamer ULTRA HD Review
AVerMedia Live Gamer 4K 2.1 Review
XPG Invader X Mid-Tower Chassis Review
Intel Core i9-14900KS CPU Review
Arbiter Polar 65 Magnetic Gaming Keyboard Review
Everything you need to know about the latest ASUS NUC Mini PCs - NUC 14 Pro and ROG NUC
How to Overclock Your GPU and Boost Your PC Gaming with ASUS GPU Tweak III
ASUS's AMD Radeon RX 7000 Series GPU lineup has something for every gamer
ASUS OLED Premium Care defends the ROG Swift OLED PG32UCDM gaming monitor from burn-in
Patriot Viper Xtreme 5 Engineering Prototype 48GB Dual-Channel Memory Kit Preview