Uber Breach

November 27th, 2017 by admin Leave a reply »

Uber mentioned that it had covered up a massive data breach of 57 million customers’ and 600,000 drivers’ information in late 2016 by shelling out the hackers a $100,000 ransom.

Uber CEO Dara Khosrowshahi mentioned that two hackers “inappropriately accessed user data stored on a third-party cloud-based service that we use.”

Affected information includes 600,000 U.S. drivers’ names and driver’s license numbers, and 57 million global users’ names, email addresses and mobile phone numbers.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. “We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage account.”

Uber paid the hackers a $100,000 ransom not to publish the data.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said.

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

“Breach disclosure is critical to get right, because it can have long lasting effects on the organization and its customers,” SecureAuth chief security architect Stephen Cox said by email.

“To the organization, every breached customer has a financial impact, and long term viability comes into question because of damage to the brand.”

AsTech chief security strategist Nathan Wenzler said the decisions made by Uber’s CISO is shocking after the incident.

“Quite simply, legitimate security professionals know better than this, and the community at large is built upon integrity in all matters,” Wenzler said. “When you act as the front line of defense for an organization, it is imperative that your security team operates in the most honest and forthright manner possible.”

 ___________________________________________________________________________________

AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

Leave a Reply