Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Uber Admits It Hid Massive Data Breach of 57M Users and Drivers

    By
    Sean Michael Kerner
    -
    November 22, 2017
    Share
    Facebook
    Twitter
    Linkedin

      Uber publicly admitted on Nov. 21 that it was the victim of a massive data breach that exposed personally identifiable information on 56 million users and 600,000 drivers.

      “I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” Uber CEO Dara Khosrowshahi wrote in a statement. “The incident did not breach our corporate systems or infrastructure.”

      Among the information that were stolen were names, email addresses and mobile phone numbers of Uber users. The names and license numbers of approximately 600,000 Uber drivers in the United States were also stolen. Khosrowshahi noted that there is no indication that credit card numbers, Social Security numbers or dates of birth information was stolen in the data breach.

      “At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” he stated. “We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed.”

      According to a Bloomberg report, Uber paid $100,000 to the two hackers to delete the data and keep the matter quiet. Uber did not publicly report the breach in 2016, nor did it alert the regulatory authorities. The decision to pay off the hackers and not disclose the attack was allegedly made by Uber Chief Security Officer Joe Sullivan, who has been fired by Uber.

      Although data was stolen, Khosrowshahi emphasized that no fraud or misuse of the data has occurred due to the 2016 breach.

      “While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection,” he said.

      According to Bloomberg, Uber’s co-founder and then CEO Travis Kalanick was notified of the incident months after it occurred in 2016. Khosrowshahi was named CEO of Uber in August 2017, after Kalanick was forced out by Uber’s board of directors.

      Bug Bounties

      The hack was allegedly conducted by the attackers who were able to find login credentials in an Uber repository on GitHub that enabled access to an Uber Amazon Web Services account. In the wake of the breach, Khosrowshahi said Uber has implemented security measures to restrict access to and strengthen controls on its cloud-based storage accounts.

      Coincidentally, Uber launched a bug bounty program on the HackerOne platform in March 2016, paying security researchers to responsibly disclose vulnerabilities to the ride-sharing company. In July 2016, Uber revealed that it had paid a security researcher $10,000 for a high-impact flaw that could have enabled an attacker to take over an Uber user’s account.

      As of Nov. 22, the HackerOne Uber bug bounty page reports that the company has paid $1.3 million in bug bounties since March 2016 for relevant security reports. Among the in-scope vulnerabilities that the bug bounty program pays for are AWS credential exposure reports. It’s currently not clear if the details behind the 2016 attack were ever communicated to Uber via its bug bounty program.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×