Leaked 57 million Uber Neglect Cyberattack: this is the number of people who have had their data with Uber and later exposed in a cyber attack to Uber data center. There is only one problem: the company agrees to omit any information about the incident and more than that, Uber officials paid the hackers to delete the stolen data and also be silent. According to Bloomberg, it all came to light after Joe Sullivan, Uber’s security director was sent off along with another Uber-area executive.
The attack took place in October last year and resulted in the display of information such as names, emails and phone numbers of more than 50 million service users around the world. Drivers were not left out either: 7 million had their data exposed, including the driver’s license number, 600,000 of them are operating in the United States. The company claims that data such as credit card numbers, travel information, addresses and the like were not accessed.
At the time, Uber paid $ 100,000 to prevent hackers from deleting the stolen data and not commenting on it to avoid further problems in future with regulators who were already investigating the company on charges of privacy breach. “None of this should have happened and I will not make excuses for that,” said Dara Khosrowshahi, the company’s CEO. “We are changing the way we are doing business.”
The company says Travis Kalanick, the company’s former president, determined of the attack a month later and chose not to talk about the incident. An external audit that revealed the details of the attack and attempted to cover it up.
Two hackers were able to access a secret page on GitHub with codes from Uber’s software engineers and used login credentials they got there to access data stored in Amazon Web Services on the account that manages the company’s computing tasks. After the invasion, the company acted to solve the problems of unauthorized access.
“Although we can not erase our past, I promise on behalf of every Uber employee that we will learn from our mistakes,” said Khosrowshahi. The company has yet to proclaim who will be liable for the security area.