Hackers also bribed UBER for the amount $100k to STFU. The crime occurred a year ago, hoped you wouldn’t discover out.
CEO of Uber, Dara Khosrowshahi had publicized today, the hackers had broken into their databases and robbed away 57 million people’s personal information including passengers and drivers. The information contains their names, email addresses, and telephone numbers. The information was stolen from UBER’s ride-hailing app and the cyberpunks deprived off with 600,000 US drivers’ data that contained along with their driving license numbers.
And the theft occurred in 2016 – however, biz executives are quiet about the crime somewhat than alert the people.
In a declaration on Tuesday, Khosrowshahi said the impostors retrieved cloud-hosted database stores:
I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure.
At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.
You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.
“Obtained assurances” is a humorous manner of keeping it.
Undoubtedly this is what the chief executive exposed from that investigation of his: during October 2016, two scoundrels rushed from the app biz’s GitHub code repo the sources required to acquire its AWS S3 database stores comprising the above-mentioned personal records, Bloomberg reports. The cyberpunks then insisted for $100,000 from UBER in exchange for their quietness and to demolish all their stolen data of the records.
Somewhat than caution, national and federal authorities of the personal data theft, as is needed by the California upstart, chief of information security, UBER, Joe Sullivan commanded that the cyberpunks be paid off, the robbed data deleted, and the entire thing was done quietly, leaving passengers and drivers none the wiser. The disbursement was cloaked as a virus bounty prize whole with non-disclosure contracts signed up.
Sullivan, formerly a federal prosecutor, and one of his substitutes were exiled from the company as a concern of the new CEO’s enquiry, we’re told. Khosrowshahi, who was connected at the San Francisco-based nonentity over the summer, said stages have now been taken to make sure this sort of conspiracy is certainly not recurring, and that security breaks will be revealed in open in future as mandatory:
While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.
The top boss was adamant that “outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded.” He added that the company was monitoring the affected accounts, and has flagged them for “additional fraud protection.” Anyone affected by the hack will be notified, he said.
It’s worth pointing out that while the company is now alerting the authorities, California’s data security breach notification law requires disclosure in “the most expedient time possible and without unreasonable delay.” Ie, not 12 months later.
As well as distress perhaps preparing in Cali over the quietly, New York Attorney General Eric Schneiderman has also revealed an enquiry into UBER’s data theft – by our computation, maybe simply the fifth most awful thing the controversial bad-boy biz has performed the last year.