Uber Says Hackers Compromised 57 Million Accounts A Year Ago, But It’s Only Telling Users Now

by Ryan Mac on November 21, 2017

Uber CEO Dara Khosrowshahi

Adriano Machado / Reuters

Uber Technologies executives concealed a data breach for more than a year that compromised the information of 57 million accounts, the San Francisco ride-hailing company said on Tuesday.

That hack, which occurred in October 2016, exposed users’ names, email addresses, and phone numbers, as well as the names and driver license numbers of 600,000 drivers. Users from around the world were affected, the company said, adding that it had not detected any theft of trip location history, credit card numbers, bank account numbers, Social Security numbers, or birthdates.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” CEO Dara Khosrowshahi said in a statement. “We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed.”

Khosrowshahi, who assumed the role of Uber CEO in August, also implied he was only just learning of the hack, writing, “You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation.”

In a year marked by public protest, internal strife, and the ousting of former CEO Travis Kalanick, the revelation that Uber executives concealed a data breach for more than a year will do little to bolster the company’s reputation with customers. Accoording to Bloomberg News, which first reported the story, the company ousted Chief Security Officer Joe Sullivan and one of his deputies over the incident.

The company advised riders that no action needed to be taken in light of the breach.

“We have seen no evidence of fraud or misuse tied to the incident,” the company said in a statement. “We are monitoring the affected accounts and have flagged them for additional fraud protection.”

As for drivers, Uber said it would be notifying those affected by mail or email offering them free credit monitoring and identity theft protection.

This is a developing news story.

Originally Posted By BuzzFeed - Tech

{ 0 comments… add one now }

Previous post:

Next post: