Uber admits to covering up cyberattack that affected 57 million users

Photo via AlesiaKan/Shutterstock (Licensed)

Two executives have already been fired.

Uber admitted Tuesday to covering up a massive cyberattack by paying hackers $100,000 so they wouldn’t reveal that they had stolen sensitive information from 57 million customer and driver accounts.

Two hackers reportedly accessed a private Github site used by Uber engineers, stole login credentials, and accessed driver and rider data stored on an Amazon Web Services account. They then asked Uber for money while holding the private information ransom.

The compromised data includes names, email addresses, and phone numbers of more than 50 million Uber riders and 7 million drivers around the world, according to a Bloomberg report. No social security numbers, credit card info, or trip details were obtained in the October 2016 attack.

Uber agreed to pay the fee as long as the hackers stayed quiet and deleted the info. However, instead of abiding by state and federal laws, the ride-hailing company hid the data breach from the public.

Uber admitted that it failed to take the correct actions. Former CEO Travis Kalanick, who was ousted in June following a string of controversies, reportedly knew about the breach in November 2016.

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Dara Khosrowshahi, the CEO of Uber who took over this September, told Bloomberg.

Uber, under new management, is desperately trying to make up for past mistakes. It recently fired Joe Sullivan, its chief security officer, and deputy Craig Clark for their handling of the incident.

Uber said it would notify users affected by the breach in the coming days.

Correction: The fired deputy security officer’s name is Craig Clark. 

Phillip Tracy

Phillip Tracy

Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.