IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Uber paid $100,000 for hackers' silence over huge data breach

Hackers stole 57 million drivers' and users' details, but Uber didn't say a word

Uber tried to hide a massive data breach, affecting 57 million drivers and users, the company has admitted.

The cover up involved payments of $100,000 (75,000) to the hackers, according to Bloomberg, which broke the news.

The breach happened in October 2016, and encompassed names, email addresses and phone numbers of over 50 million users of the service from around the world. Around 7 million drivers were also affected, with hackers accessing around 600,000 US driver's license numbers.

Reports claim Uber's former chief executive Travis Kalanick has known about the breach for over a year. Kalanick was forced out of the company in June, after months of controversies relating to sexism and poor working practices. He was replaced in August by former Expedia boss, Dara Khosrowshahi.

"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection," Khosrowshahi said in a statement.

"None of this should have happened, and I will not make excuses for it," he added. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."

In the wake of the revelation, Uber has fired its chief security officer, Joe Sullivan. The company has also set up pages for drivers and riders that may have been affected by the hack. These emphasise that the company has seen no evidence for fraud. It mentions that Uber will offer drivers free credit monitoring and identity theft protection, but doesn't extend this to users of the service.

"Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded," the page explains.

Two hackers managed to access a private GitHub site for Uber software engineers, according to Bloomberg. They were able to grab login credentials from there, which allowed them to access an Amazon Web Services account for Uber. There they found an archive of driver and user information, and blackmailed the company for money.

Uber has not had a great year, to put it mildly. The resignation of Kalanick was clearly intended to distance the company from mounting claims of allowing a sexist working environment, and came in the wake of reports that Uber's boss in Asia had been fired for obtaining medical records of a woman who had been raped by an Uber driver. The bad news has continued to amount since Khosrowshahi joined the company, however. The ride sharing company has lost its licence to operate in London, and recently lost an appeal in the UK over how its workers should be categorised.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

Uber launches infosec hiring spree after attributing breach to LAPSUS$
cyber attacks

Uber launches infosec hiring spree after attributing breach to LAPSUS$

20 Sep 2022
Uber hacked via basic smishing attack
Security

Uber hacked via basic smishing attack

16 Sep 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Uber secures 30-month licence to operate in London
Policy & legislation

Uber secures 30-month licence to operate in London

28 Mar 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022