This site may earn chapter commissions from the links on this folio. Terms of use.

Uber-Feature

Update (eleven/24/2017):A new report states that far from having just learned almost the breach, Uber CEO Dara Khosrowshahi has known about it since mid-September. Uber, it seems, has no intention of ceasing the consumer-hostile, illegal activities that have typified its culture since its inception. The company has already been hit by two lawsuits since albeit the initial breach and more seem likely to follow given Khosrowshahi's failure to disclose the breach in a timely manner.

Original Story Beneath:

Uber has spent the past year mired in controversy on near every front, from its attempts to evade regulators to lying almost driver earnings, to its alleged theft of trade secrets from Google'due south self-driving car inquiry sectionalisation, Waymo. At present, on height of these charges, there'southward evidence that the company suffered a cataclysmic data breach and paid hackers $100,000 to keep the news out of the media.

Bloomberg reports that the compromised data includes names, addresses, e-mail addresses, and telephone numbers of roughly fifty million Uber users. An boosted seven million drivers were besides impacted, though the data stolen appears to be the same in both cases. Uber had a legal obligation to inform the hack to regulators and the drivers whose driver license numbers were taken. Instead, information technology paid the hackers to delete the data and go along quiet. Neither and so-CEO Travis Kalanick or now-replaced Principal Security Officer informed users of the hack.

Current Uber CEO Dara Khosrowshahi wrote an open letter to Uber customers, noting that the flaw arose when ii individuals exterior the company breached a cloud service provider. According to him, Uber is consulting with outside experts to house up its ain security practices, has fired ii of the people responsible for paying off the hacker squad, including its former CSO, providing free credit monitoring and identity theft protection to impacted drivers, and has notified the advisable authorities.

Uber and Volvo keep to work together on self-driving cars

This hack wasn't exactly rocket science. Bloomberg reports that the attackers accessed a individual Github repository and institute login credentials for Amazon Web Services stored there. Once they had access to the AWS business relationship, they had access to the annal of data and commuter information. They emailed Uber asking for money, and Uber found information technology easier to pay them rather than to disclose the breach. That'southward consequent with Uber's previous methodology — the visitor faces five criminal probes into its conduct and dozens of civil lawsuits. This breach occurred while Uber was negotiating with the FTC over a privacy settlement related to a 2022 breach, simply Uber never informed the bureau that it had been breached again.

Uber has taken a hammering in the by year and continues to lose huge amounts of money. It isn't a sustainable business, absent venture capital funding, and information technology continues to bet on its own long-term success in the self-driving vehicle business as a means of raising capital. Khosrowshahi'due south honesty on the data breach and his quick action to supersede the CSO are a small pace in the right direction, but the visitor will have to do much more to shed the unsavory reputation it's congenital for itself.