Uber Security Chief Is Out after Coverup of Massive Hack Is Revealed

Personal details for some 57 million Uber customers and 600,000 drivers were stolen by hackers over a year ago, the company revealed yesterday. Rather than reporting the incident as required by law, two higher-ups on Uber's security team paid the attackers $100,000 to keep quiet about the breach.

Those two employees, including chief security officer Joe Sullivan, are no longer with the company as of this week, according to CEO Dara Khosrowshahi.

Uber boosted security measures after the breach came to light and has since brought on a cybersecurity consultant to advise on other steps to take going forward, Khosrowshahi said in a blog post yesterday. While Uber said there have been no signs to date that the stolen data has been used for fraudulent purposes, Khosrowshahi said the company is notifying affected drivers and providing them with free credit monitoring and identity theft protection.

Affected riders have also been flagged for additional fraud protection, although they don't need to take any other action beyond regularly monitoring their credit and accounts, the company said.

Latest in a String of Damaging Developments

Long held up as an example of a wildly successful "disruptive" technology company, Uber has been hit by one PR disaster after another over the past year. Reports about widespread sexual harassment and discrimination at the company led founder/CEO Travis Kalanick to resign in June. The company has also faced state and federal investigations related to its use of "Greyball" software to evade regulators, and was told in September that London's transport agency would not renew the company's private hire operator license because it was "not fit and proper."

This week's revelations that the company covered up the hack have added to the challenges Khosrowshahi now faces in trying to repair Uber's reputation.

In a blog post yesterday, Khosrowshahi said he only recently learned of the data breach, which occurred in 2016. The hack by two unnamed individuals outside of the company didn't affect corporate systems or infrastructure, he said. But the hack did involve unauthorized access to user data on a third-party cloud service, identified by Bloomberg and other news outlets as Amazon Web Services.

"Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded," Khosrowshahi noted. "However, the individuals were able to download files containing a significant amount of other information..."

That information included the names and license numbers of 600,000 drivers in the U.S., as well as the names, email addresses, and mobile phone numbers of 57 million Uber customers around the world.

"At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals," Khosrowshahi said. "We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts."

'None of This Should Have Happened'

The 2016 data breach was discovered after the board of directors launched an investigation into the actions of Uber's security team, according to a report yesterday in Bloomberg. The law firm commissioned to lead the investigation discovered both the breach and the team's failure to disclose the incident.

"None of this should have happened, and I will not make excuses for it," Khosrowshahi said in his blog post. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."

On Twitter today, U.S. security writer Brian Krebs asked what made Uber's $100,000 payout to the hackers different from the ransoms other companies have paid to unlock system data encrypted by ransomware. Several commenters responded by noting that unlike companies hit by ransomware, Uber's business was never interrupted by the breach and that the company failed in its obligation to notify victims and regulators when it discovered the hack.

While a hack is bad enough, covering up such an incident is even worse, U.K. security writer Graham Cluley said yesterday.

"No doubt regulators will also be asking tough questions about why it wasn't informed about the breach until this week," Cluley wrote on his blog. "You can ask forgiveness for being hacked, but many people will find it harder to forgive and forget if you deliberately concealed the truth from them."
