Two hackers reportedly accessed a private Github site used by Uber engineers, stole login credentials, and accessed driver and rider data stored on an Amazon Web Services account. They then asked Uber for money while holding the private information ransom.
The compromised data includes names, email addresses, and phone numbers of more than 50 million Uber riders and 7 million drivers around the world, according to a Bloomberg report. No social security numbers, credit card info, or trip details were obtained in the October 2016 attack.
Uber agreed to pay the fee as long as the hackers stayed quiet and deleted the info. However, instead of abiding by state and federal laws, the ride-hailing company hid the data breach from the public.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Dara Khosrowshahi, the CEO of Uber who took over this September, told Bloomberg.
Uber, under new management, is desperately trying to make up for past mistakes. It recently fired Joe Sullivan, its chief security officer, and deputy Craig Clark for their handling of the incident.
Uber said it would notify users affected by the breach in the coming days.
Correction: The fired deputy security officer’s name is Craig Clark.