Uber concealed data breach for a year and paid hackers $100,000 to delete stolen personal data on 57 million people.
Hackers have stolen the personal data of drivers and customers from Uber Technologies Inc., a massive breach that the company concealed for more than a year.
The data leak happened over a year ago and the company paid the hackers $100,000 to delete the stolen info. Compromised data from the October 2016 attack includes names, email addresses and phone numbers of 50 million Uber riders all over the world. The personal information of about 7 million drivers was also accessed including 600,000 U.S. drivers’ license numbers. No information of social security numbers, credit card information or trip location details were taken, said a spokesman for the company.
The hack happened when two attackers accessed an archive of rider and driver data last October. Then hackers used login credentials they obtained there to access data stored on an Amazon Web Services account that handles computing tasks for Uber. The login information was obtained through a private GitHub coding site. Then, the two attackers emailed Uber and said that they had personal data of 57 million Uber riders and drivers.
Uber’s CEO Dara Khosrowshahi said in an emailed statement that none of that should have happened, and there are no excuses for it.
According to Bloomberg.