/ SECURITY WATCH

Uber discloses data breach, kept secret for a year


01 / 12 / 2017


It took several years for Uber to grow from a ride-hailing app to a global transportation company, available in over 80 countries. However, now Uber’s reputation is at stake due to a massive hack disclosure.

Last year hackers accessed the private data of about 57 million Uber riders and drivers, as Bloomberg reported. Cyber attacks happen to every large corporation, and they usually go public immediately. Uber, however, managed to keep this massive data breach secret for over a year. What’s more, the company is reported to have paid a $100,000 ransom to keep the attack quiet. Uber expected that the hush money would make the hackers delete the exposed data and keep the hack from being disclosed.

How it happened

Two hackers accessed a GitHub coding site used by Uber software engineers. The attackers used this site to steal login credentials, which unlocked the user data stored in an Amazon Web Services account. From there, the hackers discovered an archive of rider and driver information and asked Uber to pay the ransom.

The compromised private information included names, email addresses, and phone numbers of about 50 million Uber riders worldwide. What’s more, driver’s licenses and phone numbers of 7 million drivers were also exposed. Fortunately, Uber gave assurances that no Social Security numbers, credit card details, or trip locations were leaked. In addition, the company claims the hackers never used the exposed data, but it still refused to disclose the attackers’ identities.

Uber’s chief executive officer Dara Khosrowshahi stated, “At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

At the same time, he claimed, “None of this should have happened, and I will not make excuses for it, we are changing the way we do business.”

Government authorities worldwide are stepping up security measures to protect their citizens’ privacy. London and some other cities have banned the Uber service, citing the company’s “reckless behavior.”

How to protect your Uber privacy

Even though the latest data breach went public, nobody knows what’s happening behind the scenes. So, if you are an Uber user, remember to do the following:

  • Check out the upcoming news concerning this data breach;

  • Once you find out new details about this data leak, share them on your Facebook or Twitter. Let the world know;

  • Watch out when sharing your private data.

We also urge companies to be more diligent when placing sensitive user information on online platforms. For example, we don’t recommend storing security keys on GitHub.

After all, when a company reports a leak immediately, it stays respectful and honest with its customers. Otherwise, users are unlikely to entrust it with their payment details or to continue using its service.

Anyway, we hope your private data always stays safe. Stay tuned and follow our Security Watch.