Black Friday Is Almost Here!
The Inventory team is rounding up deals you don’t want to miss, now through Cyber Monday. Click here to browse!

Uber Paid Hackers $100,000 to Cover Up Data Breach Affecting 57 Million Accounts

Photo: Getty
Photo: Getty

Hackers accessed data belonging to 57 million Uber riders and drivers in late 2016, including email addresses, phone numbers, and drivers license numbers. Instead of disclosing the breach, Uber paid $100,000 to the hackers in exchange for their silence. The secret payment ultimately cost several Uber security executives their jobs.

Advertisement

Joe Sullivan, Uber’s chief security officer, and Craig Clark, a lawyer who reported to him, were fired because of the handling of the incident, Bloomberg reported. Sullivan previously worked on security at Facebook before joining Uber in 2015 and had been credited with tightening Uber’s security as the company matured.

Hackers were able to access the user data on an Amazon Web Services account and managed to scrape names and email addresses for millions of users. The breach also included 600,000 license numbers for drivers in the US. No Social Security numbers or location information was stolen, and the hackers agreed to delete the data in exchange for the payment—although it’s unclear how Sullivan or Uber verified that the hackers did indeed delete it.

Advertisement

“You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it,” Uber’s new CEO, Dara Khosrowshahi, said in a statement.

In an attempt to make things right, Uber is offering drivers free credit monitoring and identity theft protection, and Uber says it is notifying regulatory authorities. At the time of the 2016 incident, Uber was negotiating with the Federal Trade Commission to resolve privacy issues related to a 2014 breach.

“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers,” Khosrowshahi added.

Uber says that riders don’t need to take any action and that it is monitoring the affected accounts for fraudulent activity.

Advertisement

[Uber via Bloomberg]

Kate Conger is a senior reporter at Gizmodo.

Share This Story

Get our newsletter

DISCUSSION

sergioar
Unspiek Baron Bodissey

I heard it said hackers can get in the system and hijack rides from legitimate drivers. Once I hailed a car and like five or six canceled me. The guy who finally picked me told me it was because I was paying with card and those were after cash.

For a time it got so crowded that dynamic charges never springed not even in mondays at 8 in the morning. Lazy ass me took a few but the quality was dismal (one guy circled my block for 10 minutes until he stopped to ask me for directions). They must have done a good culling because this morning I checked and yes dynamic charges were back at their usual 3X the normal fare.