The Strategist

Hackers stole data of 57 million Uber users

11/22/2017 - 03:00

Uber taxi service was subjected to a hacker attack, during which hackers stole data of 57 million passengers and drivers of the company, reports Bloomberg.

Will McKinley via vimeo
Will McKinley via vimeo
The incident occurred in October 2016, but was made public only now. Instead of reporting about the attack, the company paid 100,000 dollars to the hackers to delete the data and keep it a secret. The fraudsters stole names, email addresses and mobile phone numbers of 50 million Uber users around the world, as well as personal data of 7 million drivers, including driver's license numbers in the US.

According to the Uber management, the hackers did not have time to take advantage of the information received. "None of this should have happened, and I will not seek excuses [...] I cannot erase the past, but I can vouch for every Uber employee that we will learn from mistakes," said Uber’s CEO Dara Khosrowshahi.

According to him, the company took measures to ensure data security after the incident. Uber also hired Mandant cyber security firm to investigate what happened. According to Bloomberg, the former head of Uber Travis Kalanick knew about the incident. After the hacker attack was revealed, the head of security at Uber Joe Sullivan left the company.

Answering the question why the company decided to open the fact of the incident to the public, Dara Khosrowshahi pointed out that Uber’s experts conducted a long investigation into the cyber-attack and actions of the previous leadership. He assured that after that he sent all the available information about the breach to the state regulator, and also instructed those responsible to contact the drivers whose data had been stolen.

According to Bloomberg, two hackers managed to penetrate one of the accounts of users of GitHub, the online resource for developers. They supposedly found Uber’s logins and passwords to access the platform of cloud services AWS (Amazon Web Services), which is used by many large companies including for storage of large amounts of data. In this case, Uber can suffer not only from a hacker attack, but because of the fact that the company hid the information about the incident.

Regulators require that all companies affected by a serious hacker attack report this, but Uber did not. The company has already faced a similar situation in the past. In January, Uber was fined $ 20,000, for not reporting a much less serious attack in 2014.

Earlier it was reported that the Japanese investment bank SoftBank reached an agreement with Uber. A consortium led by the bank will invest $ 1 billion in the online taxi order service. Later, according to the agreements, SoftBank will also buy Uber shares from existing investors for up to $ 9 billion, reports. Bloomberg. The discussion took a few weeks, the agency’s sources said.

The consortium includes Dragoneer Investment Group and General Atlantic. Within the framework of the transaction, Uber shares will come to TPG, Tiger Global, DST Global and Tencent Holdings.

For the successful transaction, Benchmark venture company agreed to temporarily postpone its claim to the head of Uber Travis Kalanick, sources note. Within the deal, investors will buy Uber shares based on the current market capitalization of the company at $ 68.5 billion.

The New York Times indicates that the entire consortium of investors, led by SoftBank, will buy out at least 14% of the company's shares. It is about buying both existing securities owned by investors and employees of the service, as well as acquiring the newly issued shares of Uber.