Uber admits to covering up cyberattack that affected 57 million users

Share

A pair of hackers discovered the archive of 57 million Uber riders and drivers and stole names, email addresses, phone numbers as well as driver's license numbers of 600,000 Uber drivers.

New Uber boss Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August, confirmed two employees responsible for its response to the hack had been fired.

"The truly scary thing here is that Uber paid a bribe, essentially a ransom to make this breach go away, and they acted as if they were above the law", Curry said.

State and national governments around the world are investigating whether the company violated laws requiring the disclosure of major breaches to customers and legal authorities.

Over half admitted that they weren't aware of the situation prior to being asked by Egress, however, having been made aware of the fact that Uber tried to cover up the breach, more than half (53 percent) of respondents say it has made them want to stop using the taxi app.

Corporate cover-ups of often-serious data breaches are all too common, RSA APJ chief cyber security advisor Len Kleinman recently told CSO Australia while warning that "if you were involved in this space and managing incidents, you would be aghast at how much is actually kept quiet or swept under the carpets".

"We are working closely with other agencies including the [National Crime Agency] NCA and [Information Commissioner's Office] ICO to investigate how this breach has affected people in the United Kingdom and advise on appropriate mitigation measures", the spokesperson said, but added that the NCSC has seen no evidence that financial details have been compromised.

"Cloud services, such as AWS, are secured with SSH [secure shell] keys that are often outside the control of security teams", said Kevin Bocek, vice-president of security strategy and risk intelligence at Venafi.

AC/DC Guitarist Malcolm Young is Dead at 64
Rhythm guitarist Malcolm Young from Australian rock band AC/DC posed in a studio in London in August 1979. With enormous dedication and commitment he was the driving force behind the band.

"Research we conducted this year showed that in just the first half of 2017, 65% of organisations fell victim to malware-related breaches and 55% experienced phishing-initiated breaches". Uber said it believes the information was never used but declined to disclose the identities of the attackers. "Deliberately concealing breaches from regulators and citizens could attract higher fines for companies", said Dipple-Johnson.

In September, the agency revealed its EDGAR system, a platform that pools financial reports on publicly traded companies, has been breached in 2016.

"They've stopped it, they took care it, I'm still gonna drive", said Uber driver Bobby Bennett. Fifty-seven million people is a significant chunk of Uber's user base, which hit 40 million monthly active riders a year ago.

The New York attorney general has opened an investigation.

Grossman says the breach may not change consumer behavior, but it will be costly for the company.

The severity of the incident was compounded amidst revelations that the company had paid $US100,000 ($A132,000) to the hackers to delete the data.

Bloomberg reported that Joe Sullivan, Uber's chief security officer, is no longer with the company.

Share