Uber paid off hackers in attempt to hide theft

Violet Tucker
November 23, 2017

On Tuesday, Bloomberg revealed that Uber paid hackers $100,000 to hide a cyber attack that exposed the personal data of 57 million users of the app in October 2016.

But, they didn't say a word about it.

Uber's former CEO Travis Kalanick, who was ousted in June of this year, reportedly knew about the hack shortly after it happened.

Uber insists that location history, bank account numbers, dates of birth and credit card number information was not compromised. The stolen data included 600,000 United States drivers' licence numbers, but no social security numbers, trip locations or other data.

Khosrowshahi adds that they are individually notifying drivers whose license numbers were exposed and providing them with free credit monitoring and identity theft protection. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes", Khosrowshahi said in the emailed statement. At the time Uber had settled a suit about data security disclosures and was negotiating with the US Federal Trade Commission about how it handled consumer data.

Like this story? Share it!

The company's chief security officer Joe Sullivan has parted ways with the company following the announcement, the BBC reports. "The incident did not breach our corporate systems or infrastructure", Khosrowshahi said.

Palestinians 'freeze' contacts with U.S. over DC office shutdown - minister
A report Saturday said the Trump administration threatened to close down the group's office in Washington. It raises questions about the veracity of the anticipated US Middle East peace plan.

Trump to LaVar Ball: 'I should have left them in jail!'
He later wrote: "Shoplifting is a very big deal in China, as it should be (5-10 years in jail), but not to father LaVar". Should have gotten his son out during my next trip to China instead. "I'm happy with how things were handled".

Grigor Dimitrov cruises, David Goffin will play Roger Federer
Grigor Dimitrov's talent took him to the brink of his biggest career win - but he needed more than that to get over the line. That's what I didn't do today.' He will still end the year in the top-five of the ATP rankings.

Uber would not confirm it paid this ransom.

Such poor practices contributed to the Uber breach, with Khosrowshahi saying that the company had "implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts".

Despite the fact this happened over a year ago, Uber chose to keep it a secret from the public.

That decision evidently came despite a promise by the firm to "adopt leading data security protection practices" in a settlement with NY attorney general Eric Schneiderman. "We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed".

"Effective today, two of the individuals who led the response to this incident are no longer with the company", he said.

After they found the rider and driver data, they contacted the company and demanded money. "Facing thousands of attacks daily, or even tens of thousands, it's a matter of when - not if - a breach will occur", said Gary Weiss, senior vice-president and general manager of the Security, Discovery and Analytics Business Unit at information management software firm OpenText. The hack introduces an unexpected factor in negotiations between SoftBank Group Corp. and Uber shareholders over a planned investment of as much as $10 billion, a deal Khosrowshahi has been championing.

Other reports by Guamnewswatch

Discuss This Article

FOLLOW OUR NEWSPAPER