Uber Paid Hackers $100,000 to Hide a Major Data Breach

Hackers had access to personal data belonging to 57 million customers and drivers.

Uber HQ
Getty

Sign with logo at the headquarters of car-sharing technology company Uber in the South of Market (SoMa) neighborhood of San Francisco, California, with red vehicle visible in the background parked on Market Street, October 13, 2017. SoMa is known for having one of the highest concentrations of technology companies and startups of any region worldwide. (Photo by Smith Collection/Gado/Getty Images)

Uber HQ

In October of 2016, hackers successfully stole personal information belonging to 57 million Uber customers and drivers. Oh, you weren’t aware of this? That’s because the company didn't alert authorities or those who were affected. In fact, Uber paid the hackers $100,000 to keep the data breach under wraps.

Company officials admitted to the cover-up in a recent Bloomberg report.

"None of this should have happened, and I will not make excuses for it," Uber CEO Dara Khosrowshahi, told the publication in an emailed statement. "We are changing the way we do business."

The stolen information included names, addresses, phone numbers, and emails of 50 million people around the world who have used the service. The hack also exposed the names and driver's license numbers of the company’s 7 million drivers (600,000 drivers in the U.S.).

Uber’s former CEO Travis Kalanick, who was ousted in June of this year, reportedly knew about the hack shortly after it happened.

"You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it," Khosrowshahi wrote in a blog post. "What I learned, particularly around our failure to notify affected individuals or regulators last year, has prompted me to take several actions."

One of those actions was terminating two employees "who led the response to this incident."

According to Bloomberg, the hackers were able to steal the information by breaking into the accounts of two Uber engineers by using the GitHub coding site. After they found the rider and driver data, they contacted the company and demanded money.

"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals," Khosrowshahi wrote. "We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts."

Uber said they haven’t seen evidence of fraud related to the breach, but are monitoring affected accounts. To learn more about the breach, including how to report any unusual activity on your account, click here

Latest in Life