Uber is now admitting that they were hacked a year ago and didn’t tell anyone. Data on 57 million riders was stolen, and information on 600,000 drivers was taken as well. Uber paid off the hackers to destroy the data.
Now that this is coming to light, Uber’s Chief Security Officer is out as the fall guy. And they’re bringing in a former general counsel at the NSA to guide their policies going forward, which should raise all sorts of separate concerns.
They’re notifying drivers whose driver’s license numbers were taken and doing the usual waving of hands around “free credit monitoring and identity theft protection,” which really exists as a business these days so that companies can say they’re doing something after data is stolen.
This is how the hack went down:
No, that’s not it. This is it:
Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company.
Here’s the information taken on riders.
Rider information included the names, email addresses and mobile phone numbers related to accounts globally. Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded.
Driver information included the names, email addresses and mobile phone numbers related to accounts globally. In addition, the driver’s license numbers of around 600,000 drivers in the United States were downloaded. Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers, or dates of birth were downloaded.
(HT: Doctor of Credit)