In a recent admission, car provider, Uber, stated that it had suffered a database breach in the past year. The company admitted that the breach had given hackers access to the data of almost 57 million people, both users and drivers.
In the statement, Uber stated that the hack took place in 2016. The company also provided some information regarding the hack, saying it was performed by two people. The company believed that the hackers had used a third-party cloud service to conduct their attack.
Uber admitted that the hackers had managed to steal the name and license numbers of almost 600,000 drivers in the U.S. The hackers also made away with rider details such as names, email addresses, and phone numbers.
However, in what is sure to come as a relief to both the company and its users, Uber reported that sensitive information such as location, credit card numbers, and bank account details were left untouched.
Speaking of the attack, Uber’s CEO Dara Khosrowshahi stated that the company would not make excuses for the unforgivable event. Fortuitously, since Khosrowshahi was not CEO at the time of the attack, he cannot be held liable for the folly.
According to sources, Uber paid the hackers $100,000 in 2016, on the condition that they delete the data and keep the breach out of the news. When asked about this move, the company was evasive saying they took “immediate steps to secure the data”. However, Uber did not elaborate on its decision to pay the hackers for their silence.
Earlier in the year the Federal Trade Commission (FTC) stated that Uber had “failed consumers” citing a 2014 data breach as the basis for its accusation. Reacting to the FTC’s statement, Uber immediately agreed to 20 years of privacy audits.
The company’s secrets were finally brought to light during an investigation conducted by New York’s Attorney General, Eric Scheiderman.
While Uber’s data breach is miniscule when compared with Yahoo’s 3 billion account fiasco, it is still large enough to elicit tensions across the globe. The company’s users and drivers are bound to worry about the safety of their private information.
While the company has offered all affected drivers free credit monitoring and identity theft protection, it is nothing more than a band aid on a hemorrhaging wound.
At the end of the day, both Uber’s users and drivers now know that their locations and their identities are easy prey for any hack-god with a keyboard at its fingertips.