The Phnom Penh Post

Uber data breach hits 57M

- Mike Isaac, Katie Benner and Sheera Frenkel

UBER disclosed Tuesday that hackers had stolen 57 million driver and rider accounts and that the company had kept the data breach secret for more than a year after paying a $100,000 ransom.

The deal was arranged by the company’s chief security officer and under the watch of the former chief executive, Travis Kalanick, according to several current and former employees who spoke on the condition of anonymity because the details were private.

The security officer, Joe Sullivan, has been fired. Kalanick was forced out in June, although he remains on Uber’s board.

The two hackers stole data about the company’s riders and drivers – including phone numbers, email addresses and names – from a third-party server and then approached Uber and demanded the $100,000 to delete their copy of the data, the employees said.

Uber acquiesced to the demands, and then went further. The company tracked down the hackers and pushed them to sign nondisclos­ure agreements, according to the people familiar with the matter. To further conceal the damage, Uber executives also made it appear as if the payout had been part of a “bug bounty” – a common practice among technology companies in which they pay hackers to attack their software to test for soft spots.

The details of the attack remained hidden until Tuesday. The ride-hailing company said it had discovered the breach as part of a board investigat­ion into Uber’s business practices.

The breach at Uber is far from the most serious exposure of sensitive customer informatio­n. The two breaches that Yahoo announced in 2016 eclipse Uber’s in size and an attack disclosed in September by Equifax, the consumer credit reporting agency, exposed a far deeper trove of personal informatio­n for a far larger group of people.

But the handling of the breach underscore­s the extent to which Uber executives were willing to go to protect the $70 billion ride-hailing giant’s reputation and business, even at the potential cost of breaking users’ trust and, perhaps more important, state and federal laws. The New York attorney general’s office said on Tuesday that it had opened an investigat­ion into the matter.

Dara Khosrowsha­hi, who was chosen to be chief executive of Uber in late August, said he only recently learned of the breach.

“None of this should have happened, and I will not make excuses for it,” Khosrowsha­hi said in a company blog post. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

A spokeswoma­n for Kalanick declined to comment.

?? GIULIA MARCHI/THE NEW YORK TIMES ?? The Uber offices in San Francisco on March 27. Uber on Tuesday disclosed it was the victim of a hack last October and that it fired its chief security officer, Joe Sullivan, for keeping the breach a secret for more than a year.
GIULIA MARCHI/THE NEW YORK TIMES The Uber offices in San Francisco on March 27. Uber on Tuesday disclosed it was the victim of a hack last October and that it fired its chief security officer, Joe Sullivan, for keeping the breach a secret for more than a year.

Newspapers in English

Newspapers from Cambodia