Uber concealed hack of 57 million accounts for more than a year

Robyn Valdez
November 23, 2017

This isn't his first run-in with the ride-hailing company - just previous year his office reached a settlement with Uber over its collection and use of riders' personal information and its delayed disclosure of a 2014 data breach.

First, I've heard numerous stories at infosec conferences this year about unnamed companies, including healthcare and financial services organizations, that were hit with ransomware and then paid the ransom without disclosing the incident to regulators or the public. "This data is nearly never monitored or secured, and as we can see here, it is often stored in various locations and is often easily accessed by nefarious actors", says Terry Ray, CTO of data protection company Imperva.

"If we do use the NDB legislation and its reporting properly, I would say in the future we will gather better empirical data around incidents and breaches that will give you better quality statistics and trends around this - particularly around the government sector, which often seems to be a bit of a black box".

The hackers got names, home addresses, cell phone numbers, and email addresses, but it does not appear that they obtained any other information. That's because the company didn't alert authorities or those who were affected.

'The Partridge Family' Star David Cassidy in Critical Condition with Organ Failure
Pop star David Cassidy has been hospitalized in Florida and is suffering from organ failure, according to his publicist. Cassidy, in an interview with CNN in 2014, said his trouble with alcohol was "very humbling and it's also humiliating".

This is the second time the company is known to have failed to report a significant breach, having been fined $20,000 in January 2017 for failing to disclose a considerably less serious breach in 2014, as reported by the BBC. In fact, Uber paid the hackers $100,000 to keep the data breach under wraps.

Although the Uber breach likely has global implications, its potential effect on Australian users and drivers led Pilgrim to quickly make enquiries with Uber, his office said in a statement.

"None of this should have happened", Khosrowshahi closed his blog post, adding, "and I will not make excuses for it".

Two hackers managed to access personal information they stole from a "third-party cloud-based service".

Sprint Offers Unlimited Freedom Customers Free Hulu
The offer will be available to new or returning Hulu subscribers only, according to the terms and conditions page. To sign up for the offer, starting November 17, Sprint Unlimited Freedom customers can visit sprint.com/hulu.

On Tuesday, Bloomberg revealed that Uber paid hackers $100,000 to hide a cyber attack that exposed the personal data of 57 million users of the app in October 2016.

Uber joined the likes of Google, Sony, Yahoo and Target among companies that have suffered massive data breaches from hackers in recent years.

New York Attorney General Eric Schneiderman on Tuesday launched an investigation into the incident. Additionally, the license numbers of 600,000 drivers were exposed during the breach. In a coincidentally timed announcement shortly before Uber's hacking disclosure Tuesday, Whitman said she was stepping down as head of Hewlett Packard Enterprise Co.

Khosrowshahi also said that he can't erase the past but the company will learn from its mistakes.

Newly discovered Earth-like planet could support life
The newly discovered world, named Ross 128b, was discovered orbiting a red dwarf , 11 years light from Earth. Earlier this year, scientists said that they had received unusual pulses coming from the star.

Other reports by Info About Network

Discuss This Article