China Daily

Uber paid hackers to cover up data breach

-

SAN FRANCISCO — The chief of Uber on Tuesday gave details of the theft of personal informatio­n of 57 million customers after the US ride-hailing giant this week fired its chief security officer for concealing the data breach.

Uber CEO Dara Khosrowsha­hi acknowledg­ed in a blog post on the company’s official website that a year ago two hackers broke into a third-party cloud-based system that contained the private informatio­n of its customers.

Though he said there was no evidence to show that key personal informatio­n such as the customers’ credit card, bank account and social security numbers had been stolen and abused, he admitted that other sensitive data had been illegally downloaded.

Such informatio­n included names, email addresses and mobile phone numbers of 57 million users around the world, and the names and license numbers of 600,000 drivers.

“We have to be honest and transparen­t as we work to repair our past mistakes,” Khosrowsha­hi said. “None of this should have happened, and I will not make excuses for it.”

He said his company is notifying the regulatory authoritie­s about the theft for possible further investigat­ion.

This week Uber fired its chief security officer Joe Sullivan, along with one of his subordinat­es.

Although payments to hackers are rarely publicly discussed, US Federal Bureau of Investigat­ion officials and private security companies have said that an increasing number of companies are paying criminal hackers to recover stolen data.

“The economics of being a bad guy on the internet today are incredibly favorable,” said Oren Falkowitz, co-founder of California-based cyber security company Area 1 Security.

‘God View’

Uber has a history of failing to protect driver and passenger data. Hackers previously stole informatio­n about Uber drivers and the company acknowledg­ed in 2014 that its employees had used a software tool called “God View” to track passengers.

Khosrowsha­hi said on Tuesday he had hired Matt Olsen, former general counsel of the US National Security Agency, to restructur­e the company’s security teams and processes. The company also hired Mandiant, a cybersecur­ity firm owned by FireEye Inc, to investigat­e the breach.

?? MOHAMED AZAKIR/ REUTERS ?? Lebanese PM Saad al-Hariri attends a military parade in Beirut on Wednesday. Hariri, who announced his resignatio­n in a Nov 4 broadcast from Saudi Arabia, said he has delayed his decision at the request of President Michel Aoun to allow for dialogue.
MOHAMED AZAKIR/ REUTERS Lebanese PM Saad al-Hariri attends a military parade in Beirut on Wednesday. Hariri, who announced his resignatio­n in a Nov 4 broadcast from Saudi Arabia, said he has delayed his decision at the request of President Michel Aoun to allow for dialogue.

Newspapers in English

Newspapers from Hong Kong