November 22, 2017 by

Uber Paid Hackers $100,000, Hid Data Breach Affecting 57 Million Uber Users

Hackers stole the personal data of 57 million Uber customers and drivers in a major data breach in 2016, new Uber CEO Dara Khosrowshahi has disclosed, seemingly in a move of good faith.

In a blog post, Uber’s new CEO has announced details of a hack that affected the ride-hailing giant’s users in 2016. The new CEO said he became aware of the hack *after* taking over as chief executive earlier this year before ordering an internal investigation over its handling.

The new CEO pointed to two individuals outside the company who had “inappropriately accessed user data stored on a third-party cloud-based service” as the perpetrators of the massive breach. The company hired digital forensics experts who determined that no trip location history, credit card numbers, bank account numbers, social security numbers or dates of birth of users being stolen.

While the Uber executive claimed the breach did not affect any corporate systems or infrastructure, the personal information of 57 million Uber users around the world whose information included names, email addresses, and phone numbers were stolen. So too were the names and driver’s license numbers of around 600,000 drivers in the United States.

The executive went on to claim that Uber took “immediate steps” to secure the data and stop other attempts by the hackers to access its data. “We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed,” Khosrowshahi said. The company told NBC News that it paid the two hackers $100,000 to delete the information and keep quiet about the situation.

Uber adds that it is individually notifying drivers whose license numbers were downloaded, providing them free credit monitoring and identity theft protection. Regulators, who were not notified of the incident, are also being informed now.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi added. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

Following Uber’s disclosure, New York State Attorney General Eric Schneiderman has opened an investigation into the company’s cover-up of the incident. Separately, the Los Angeles federal court saw a compliant seeking a class-action status lawsuit where a customer is suing Uber for negligence.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Uber Paid 20-Year-old Florida Man to Destroy Data as ‘Bug Bounty’ Program

Uber has reportedly paid $100,000 as a pay-off to a hacker who stole the personal data of some 57...

Read more arrow_forward