Uber has had somewhat of a rough year and is under a lot of negative press at the moment. The latest news out of the ride-sharing service looks like it will add coal to the fire. The company has now revealed that the security of their service was breached roughly a year ago and that the hackers were paid around one hundred thousand US Dollars to delete the information they had acquired.
When did this hack at Uber happen?
The hack happened during the month of October in 2016. Two hackers are thought to have gained access to an archive of rider and driver information. This data was present in the Amazon Web Services servers that maintain computing tasks for the ride-sharing service. They got their hands on the login information via a private GitHub coding site.
These individuals then contacted Uber. The announced that they possessed sensitive information on riders as well as drivers. The information they had included email addresses, phone numbers and more importantly, the license numbers of six hundred thousand drivers employed at Uber. On the plus side, information like Social Security numbers and credit card details were withheld.
When such breaches occur, companies are mandated to inform people and government agencies. However, Uber took another route. They decided to pay the hackers to delete the information and kept everything under the sheets.
The current CEO believes the information was never used and had the following to say.
At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.
The company also recruited former National Security Agency general counsel Matt Olsen to further strengthen its cybersecurity division to present a reoccurrence. While the effects of it have now been neutralized, the company faces new problems.
A lawsuit was filed in federal court in Los Angeles against Uber for its failure to “implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach.”