Uber covered up a hack that compromised 57 million accounts

Uber was hacked. 50 million rider accounts were accessed. 7 million driver accounts as well. And Uber paid $100,000 to cover it all up.

Uber has revealed that, in late 2016, two hackers stole email addresses and phone numbers from Uber rider accounts, and the license numbers from U.S. driver accounts. Uber claims no credit card information, location data, or social security numbers were compromised. Yet, instead of disclosing the attack when it happened, Uber paid the hackers $100,000 to delete the data and keep it quiet.

From Bloomberg:

Uber said it believes the information was never used but declined to disclose the identities of the attackers.

"None of this should have happened, and I will not make excuses for it," Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. "We are changing the way we do business."

Uber's co-founder and former CEO, Travis Kalanick, learned of the attack a year ago.

Here's how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

The company claims it took steps to lock down its data and prevent any further unauthorized access.

Khosrowshahi has fired chief security officer Joe Sullivan and Craig Clark, a senior lawyer that reported to Sullivan.

from Windows Central - News, Forums, Reviews, Help for Windows Phone http://ift.tt/2zqU6Cs
via IFTTT