Uber today has officially disclosed a massive data breach that affected some 57 million users. As noted in a report from Bloomberg, the breach originally occurred in October of 2016, with Uber working to conceal it for a year…
Of the 57 million affected users, 50 million were riders and the other 7 million drivers. The leaked information included names, email addresses, and phone numbers. Additionally, the license numbers of 600,000 drivers were exposed during the breach. Uber says no Social Security numbers or location data was involved.
Travis Kalanick, Uber co-founder and former CEO, was made aware of the breach in November 2016. Around that same time, the company was in the midst of settling issues with both the New York attorney general and the FTC over the handling of the customer data. Thus, instead of properly disclosing the breach, which it was under legal obligation to do, Uber paid the hackers $100,000 to delete the data and stay quiet.
Uber’s new CEO, Dara Khosrowshahi, responded to the news of the hack today and said “none of this should have happened” and reiterated Uber’s efforts to change how it does business.
“None of this should have happened, and I will not make excuses for it. We are changing the way we do business. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said in the emailed statement.
Bloomberg explains that the hackers were able to access a private GitHub site used by software engineers at Uber, and used login credentials found there to access additional data stored on an Amazon Web Services account:
Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information.
Under Khosrowshahi, Uber has been working to restore its reputation after a series of missteps with previous leadership. Uber has faced scrutiny for its location sharing habits on iOS and other privacy concerns. Most recently, the company launched a new Barclays-backed credit card in an effort to increase trustworthiness.