It’s been revealed that Uber’s database has been hacked, with the personal information of more than 57 million users and drivers worldwide compromised. That’s a big number, but we are becoming increasingly numb to this kind of revelation, with all the cyber-leaks now making the news. What was the more astounding aspect of this particular incident is the fact it has taken Uber over a year to reveal the security breach – with the attack taking place in October 2016.
Uber says that the hackers were able to download files containing information including the names and driver’s licence numbers of 600,000 drivers in the US, as well as the names, email addresses and phone numbers of millions of users worldwide.
Although Uber has now taken steps to notify the drivers affected by the hack, it’s reported that at the time of the breach, the company paid the hackers USD100,000 to delete the stolen data, and not reveal the breach.
In a statement, Uber CEO Dara Khosrowshani admitted that he became aware of the “inappropriate access [of] user data stored on a third-party cloud-based service” late last year, and that steps were taken to secure the data, and shut down further unauthorised access. However, Mr Khosrowshani noted he has no excuse as to why the massive breach is only being made public now.
For their roles in the cover-up, Uber chief security officer Joe Sullivan and his deputy have been ousted, while Uber says it’s taking “several actions”, including consulting the former general counsel of the US’ National Security Agency to prevent a future data breach.