Advertisement

Uber admits covering up 2016 hack that affected millions

Uber admits covering up 2016 hack that affected millions
From CBC - November 22, 2017

Uber is coming clean about its cover-up of a year-old hacking attack that stole personal information about more than 57 million of the beleaguered ride-hailing service's customers and drivers.

So far, there's no evidence that the data taken has been misused, according to a Tuesday blog post by Uber's recently hired CEO, Dara Khosrowshahi. Part of the reason nothing malicious has happened is because Uber acknowledges paying the hackers $100,000 to destroy the stolen information.

The revelation marks the latest stain on Uber's reputation.

The San Francisco company ousted Travis Kalanick as CEO in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits.

It's also the latest major breach involving a prominent company that did not notify the people that could be potentially harmed for months or even years after the break-in occurred.

Yahoo did not make its first disclosure about hacks that hit 3 billion user accounts during 2013 and 2014 until September 2016. Credit reporting service Equifax waited several months before revealing this past September that hackers had carted off the Social Security numbers of 145 million Americans.

Khosrowshahi criticized Uber's handling of its data theft in his blog post.

"While I ca not erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," Khosrowshahi wrote. "We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."

That pledge should not excuse Uber's previous regime for its egregious behavior, said Sam Curry, chief security officer for the computer security firm Cybereason.

'Uber paid a bribe'

Advertisement

Continue reading at CBC »