Wednesday, November 29, 2017

Uber Security Breach Affected 57 Million Accounts... Then Uber Paid the Hackers $100,000 to Keep it Quiet

uber_2016_logo.png
 
 
In another massive security breach Uber data for 57 million accounts was accessed.  That included 600,000 driver accounts.
 
The truly sad AND scary part of the story is that it happened in October of 2016, but no one found out about it until November 2017.  How does that much data get stolen and no knows about it?
 
In this case, it’s because Uber paid for the silence.  That’s right… Uber knew about the hack and covered it up by giving the individuals that performed the theft $100,000 to keep quiet.
 
The data was stored in the cloud on a third party storage system.  Customer data stolen included names, email addresses as well as their mobile number.  Driver data lifted was names and driver’s license numbers.
 
There are laws, both state and federal, that dictate what a company should do when it discovers a data breach.  However, in this case what Uber chose to do was to ignore the laws and paid a ransom demanded by the hackers.  The company paid the $100,000 not just for silence, but for the thieves to delete the data.  Interestingly enough, it has been reported that Uber tracked down those responsible and had them sign a nondisclosure agreement.
 
The question is since they found the hackers, why didn’t they prosecute them?  Was the concern about the bad PR from the breach or something else?  Also will their be legal repercussions from the authorities or will this slide into obscurity?  There seems a lot more to this than has come out so far…

Post a Comment