Shock: Uber Paid Hackers $100,000 To Delete Stolen Data On 57 Million People And Then Illegally Covered It Up

by Alex Thomas | Nov 21, 2017 | Headline News | 12 comments

[dipl_text_animator animated_text=”Do you LOVE America? | Do you WANT our borders secured? | Don’t miss on the latest news | Subscribe and stay informed!” animation_layout=”zoom” animation_time=”740ms” animation_hold=”5010ms” _builder_version=”4.24.0″ _module_preset=”default” global_text_settings_text_align=”center” global_text_settings_text_color=”#FFFFFF” global_colors_info=”{}”][/dipl_text_animator]
[contact-form-7 id=”6521033″ title=”Article Subscribe”]

Share

File illustration picture showing the logo of car-sharing service app Uber on a smartphone next to the picture of an official German taxi sign

The personal data of least 57 million customers and drivers from the highly popular company Uber Technologies Inc. was stolen by hackers in October 2016 and the company not only paid the criminals who took their customers data but also subsequently illegally covered up the the hack itself.

News of the hack has reverberated around the world after a Bloomberg report revealed the stunning details and, in response, the company fired its chief security officer and one of his deputies for their role in what amounted to an illegal scheme to cover-up the hack that included a $100,000 payment to the hackers in return for a promise to “delete” the data and keep quiet about it.

According to Bloomberg:

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday.

The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken.

Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

Take note that at the time of the hack Uber was already dealing with investigations into privacy violations and news of a new hack would have been devastating for the company. It is also extremely unlikely that a hack of this magnitude was not known throughout the entire upper echelon of Uber. Make no mistake, this was a concerted effort and amounted to a crime under federal and state laws.

In a statement the companies new chief executive officer, Dara Khosrowshahi, (most likely worried about an impending federal investigation) said there were no excuses for Uber’s actions.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said. “We are changing the way we do business.”

The Bloomberg report continued:

Kalanick, Uber’s co-founder and former CEO, learned of the hack in November 2016, a month after it took place, the company said.

Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data. Kalanick declined to comment on the hack.

Joe Sullivan, the outgoing security chief, spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year.

Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.

Bloomberg also detailed exactly how the attack went down while revealing that the cover-up was indeed a crime:

Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company.

From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

A patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur. Uber said it was obligated to report the hack of driver’s license information and failed to do so.

Amazingly, the company is apparently banking on a former general counsel at the National Security Agency, Matt Olsen, to restructure its security teams and ostensibly provide greater transparency.

Apparently Uber isn’t aware that the NSA is one of the most secretive organizations in the entire world.

Jump to comments

[the_ad_group id=”24571″]

URGENT ON GOLD… as in URGENT

It Took 22 Years to Get to This Point

Gold has been the right asset with which to save your funds in this millennium that began 23 years ago.

Free Exclusive Report

The inevitable Breakout – The two w’s

[email-download download_id=”345496″ contact_form_id=”19fc5e7″]

Related Articles

[the_ad_group id=”30340″]

Comments

Join the conversation!

It’s 100% free and your personal information will never be sold or shared online.

Register here

0 Comments

Submit a Comment

Commenting Policy:

Some comments on this web site are automatically moderated through our Spam protection systems. Please be patient if your comment isn’t immediately available. We’re not trying to censor you, the system just wants to make sure you’re not a robot posting random spam.

This website thrives because of its community. While we support lively debates and understand that people get excited, frustrated or angry at times, we ask that the conversation remain civil. Racism, to include any religious affiliation, will not be tolerated on this site, including the disparagement of people in the comments section.

[dipl_ajax_search search_placeholder=”Article Search” display_fields=”on|on|off|off” search_result_box_bg_color=”#870404″ search_icon_font_size=”20px” search_icon_color=”#870404″ loader_color=”#870404″ _builder_version=”4.17.4″ _module_preset=”default” search_result_item_title_font_size=”14px” search_result_item_excerpt_font_size=”11px” border_color_all_form_field=”#870404″ global_colors_info=”{}”][/dipl_ajax_search]

[the_ad_group id=”30343″]

[the_ad_group id=”30344″]

[620studio_custom_posts post_type=”report” columns=”1″ limit=”1″ category_id=”23503″ caption=”no” date=”no” title=”no”]