Join us at TNW Conference 2021 for insights into the future of tech →

The heart of tech

This article was published on November 22, 2017


Uber hid a security breach affecting 57 million customers’ data

Uber hid a security breach affecting 57 million customers’ data
Abhimanyu Ghoshal
Story by

Abhimanyu Ghoshal

Managing Editor

Abhimanyu is TNW's Managing Editor, and is all about personal devices, Asia's tech ecosystem, as well as the intersection of technology and Abhimanyu is TNW's Managing Editor, and is all about personal devices, Asia's tech ecosystem, as well as the intersection of technology and culture. Hit him up on Twitter, or write in: [email protected].

Uber noted in a statement yesterday that two hackers gained access to personal data on 57 million of its users worldwide and some 600,000 drivers in the US, which was stored on a third-party cloud service. The $70 billion company kept this a secret for about a year.

The trove of customer data included names, email addresses and mobile phone numbers; Uber said that its forensic investigation didn’t show that other information like credit card numbers or location history was stolen. As such, it’s not advising affected customers to take any steps to protect themselves at this point. The company said that it would notify drivers whose driving licence details were stolen, and provide them with free credit monitoring and identity theft protection.

That’s just the half of it. According to the New York Times, after the incident took place in late 2016, Uber paid the hackers $100,000 in ransom so they’d delete their copy of the stolen data; the company then had them sign non-diclosure agreements and disguised the whole affair as part of a bug bounty program.

The data theft happened on former Chief Security Officer Joe Sullivan’s watch; previously the head of security for Facebook, he’s now been shunted out of the company. Uber’s infamous former CEO Travis Kalanick had been ousted from his position before this breach and a replacement hadn’t yet been found; he was still serving on the company’s board of directors at the time.

This isn’t the first time Uber’s systems have been breached; it was previously attacked in May 2014, when 50,000 drivers’ details were stolen. However, it’s the first incident that newly appointed CEO Dara Khosrowshahi has had to address since he took on the role at the end of August.

As if he didn’t already have a difficult enough job of fixing so many things that are broken within Uber’s ranks and company culture, the revelation of this security breach means that Khosrowshahi will have to find a new CSO, and a new legal director of security and law enforcement – while working to rebuild the firm’s reputation worldwide.

Also tagged with