Photo via AlesiaKan/Shutterstock (Licensed)

Two executives have already been fired.

Uber admitted Tuesday to covering up a massive cyberattack by paying hackers $100,000 so they wouldn’t reveal that they had stolen sensitive information from 57 million customer and driver accounts.

Two hackers reportedly accessed a private Github site used by Uber engineers, stole login credentials, and accessed driver and rider data stored on an Amazon Web Services account. They then asked Uber for money while holding the private information ransom.

The compromised data includes names, email addresses, and phone numbers of more than 50 million Uber riders and 7 million drivers around the world, according to a Bloomberg report. No social security numbers, credit card info, or trip details were obtained in the October 2016 attack.

Uber agreed to pay the fee as long as the hackers stayed quiet and deleted the info. However, instead of abiding by state and federal laws, the ride-hailing company hid the data breach from the public.

Uber admitted that it failed to take the correct actions. Former CEO Travis Kalanick, who was ousted in June following a string of controversies, reportedly knew about the breach in November 2016.

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Dara Khosrowshahi, the CEO of Uber who took over this September, told Bloomberg.

Uber, under new management, is desperately trying to make up for past mistakes. It recently fired Joe Sullivan, its chief security officer, and deputy Craig Clark for their handling of the incident.

Uber said it would notify users affected by the breach in the coming days.

Correction: The fired deputy security officer’s name is Craig Clark. 

Debug
Travis Kalanick resigns as Uber CEO
Kalanick is officially gone, after earlier taking a leave of absence.
From Our VICE Partners

Pure, uncut internet. Straight to your inbox.