Uber – the hack and the coverup

In October 2016 Uber allegedly concealed a hack which affected over 57 million customers. The hack exposed personal information such as email addresses and phone numbers and Uber had reportedly paid a hacker group $100,000 to further hide evidence of the leak, and keep it out of the media.

Ubers chief executive Dara Khosrowshahi stated that “None of this should have happened, and I will not make excuses for it,” when referring to the cover-up of the hack. Khosrowshahi also said that “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

The stolen Data

In addition to the email addresses and phone numbers stolen, the names and license numbers of 600,000 Uber drivers in the US were also stolen. Uber made a statement saying that other sensitive information was not comprised, such as location information, credit card information, bank account numbers, social security details, and birthdates.

In an attempt to protect its drivers, Uber has begun offering complimentary credit monitoring and identity theft protection.

Khosrowshahi made it clear In a statement that he had been assured all of the leaked data had been destroyed and that Ubers “failure to notify affected individuals or regulators” had forced him to lay off two high-level employees, of which included Joe Sullivan, Uber’s chief security officer, as reported by Bloomberg.

An Uber driver in Pittsburgh, Robert Judge, believes that this is an example of “typical Uber only caring about themselves,” and has also revealed he is yet to receive any support or assistance from the company to protect his privacy. Furthermore, Uber’s silence on the matter meant Judge had found out about the hack from the media, rather than his employer, Uber.

The “Unforgivable” Hack

Bloomberg reported that the breach of data took place when hackers accessed login details to an Amazon Web Services server, where a large swatch of Uber’s data was stored. BullGuard’s CEO, Paul Lipman, stated that Uber’s unencrypted storage of sensitive customer data was “unforgivable.” Further iterating that it was a “complete misstep” from an IT security standpoint.

UWA’s Centre for Software Practice’s director, Dr Glance has said that to keep yourself safe from these types of hacks you should only hand over essential information, such as a payment option, not your address, real name or even gender. He also said that it’s a good idea to use PayPal rather than your credit card details.

The Investigation

New York’s state attorney has launched a complex investigation into the hack and specifically the following actions taken by Uber to determine it’s liability.

This latest scandal is just another in a string of cover-ups, sexual assault claims, and underpayment of employees that Uber has experienced with its previous disgraced CEO Travis Kalanick at the wheel, who was removed from his role in June.

Uber’s CEO has issued an apology via a public statement saying, “On behalf of everyone at Uber globally, I apologise for the mistakes we’ve made.”

---

Categories: News