Uber Hack in October 2016: Failing to Report

Uber was hacked in October 2016 in a massive global breach, and the company only acknowledged it this Tuesday. The breach involved the personal information of 57 million customers, and Uber failed to notify the affected individuals and regulators.

At the time of the incident, the company was negotiating with U.S. regulators investigating claims of privacy violations. Instead of properly reporting the Uber hack, the company paid the hackers to delete the data and cover up the breach.

“None of this should have happened, and I will not make excuses for it,” Uber's new CEO Dara Khosrowshahi said in a statement. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

Dara stated that, at the time of the attack, the company took immediate steps to secure the data, identified the individuals behind the breach, and obtained assurances that the downloaded data had been destroyed.

The Guardian quoted Chris Hoofnagle of the Berkeley Center for Law and Technology:
“The only way one can have direct liability under security breach notification statutes is to not give notice. Thus, it makes little sense to cover up a breach.”

According to Bloomberg, here is how the attack went: “Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.”

Resources:
Uber News Room, Bloomberg, The Guardian.

Note About Resources:
Listing resources is a new initiative that we are trying at SecurityNews.io after some followers expressed interest in combating fake news. If you have any feedback, please share it with Mohamad. We only grow as a community because of YOU.


Mohamad El Hout, MBA, M.Eng., CISSP

Mohamad is an entrepreneur and a Senior Security Consultant dealing with the design and delivery of standard and complex security gateway solutions, covering a wide range of cutting-edge technologies. His interests include business, technology, leadership, sports, and the continuous pursuit of knowledge.
