After year of keeping it secret by hiding information from the public on the data theft that led to over 57 million Uber accounts breached, Uber finally opened up and confirmed that a massive data breach took place late 2016 where the hacker(s) involved stole personal information of both riders and drivers of the company.
The ride- hailing company kept the data theft a secret from the general public for a year after they paid the hackers $100,000 to keep the massive data breach of over 57 million accounts a secret. Uber New CEO Dara Khosrowshahi wrote in a blog post explaining in details what happened with the security incident. The post reads “I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure.”
The CEO;s statement also explained that there was no indication that the hackers accessed riders details like trip history, bank account details, date of birth or even social security number because such detail if beached would have made the incident more serious but the company insisted that none of the above details were hacker during the data theft.
So what did hackers manage to steal from Uber?
According to the post, names and driver’s license number of over 600,000 drivers in United States were stolen and personal information of over 57 million Uber users around the world was also stolen and the information stolen includes names, email addresses, and personal phone numbers of users.
Uber also said that, “the hackers were able to download files containing a significant amount of other information,” though it does not go into detail what this ‘other information’ happens to be. The company claims it has took “immediate steps to shut down and secure the data to prevent further unauthorized access by the hackers.” It also adds that they “obtained assurances that the downloaded data had been destroyed.”
Uber added that they have contacted Matt Olsen on a way forward with data security. Matt Olsen is the co-founder for a cyber security consulting firm and he is also the former general counsel of the national security agency and the director of National Counterterrorism Centre.
The company said it will “individually” alert all drivers whose license number were hacked and downloaded and also give them free credit monitoring and identify theft protection and if any affected users should notice signs of fraud on their hacked account should immediately report or alert them.