Last year, Uber experienced a hack that affected 57 million customers across the globe. An exclusive report from Reuters has revealed that a 20-year-old Florida man was behind the intrusive hack. Supposedly, the hacker worked with a second individual to access the personal data stolen from Uber.
The man behind the attack was able to steal a tremendous amount of data, including Uber customers' names and email addresses, along with the phone numbers of both drivers and riders. In addition, 600,000 U.S. driver's licenses were stolen from Uber's 7 million drivers. Fortunately, no Social Security numbers, credit card information, or trip location data were taken.
Uber ensured that all the personal data was removed from the hacker's computer and made the 20-year-old sign a nondisclosure agreement "promising he won't participate in any further wrongdoing."
How Did They Do It?
The attackers accessed a private GitHub coding site used by the software engineers at Uber. Using the login credentials they obtained, the hackers accessed Uber's data in the company's Amazon Web Services account, and from there, they discovered the archived rider and driver information. After this, the duo emailed Uber demanding money. The security team paid the duo through a "bug bounty" program, a program used to pay people who can identify holes in software. “At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” said Dara Khosrowshahi, Uber CEO. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”
State and federal laws require companies to alert people and government agencies when data breaches occur. At the time of the incident, Uber was in talks with U.S. regulators investigating a separate incident of privacy violations.
Since the hack last year, Uber has fired Chief Security Officer Joe Sullivan, and former president Jeff Jones has resigned. Hackers have been in the news for infiltrating major companies over the years, including Yahoo, MySpace, Target Corp., Anthem Inc., and Equifax Inc., to name a few. Even as companies tighten their data security, more hacks may be inevitable. Nevertheless, what was so horrible about this hack was the extreme measures taken to hide the attack. When customer or employee data is stolen, it is imperative that companies reveal that information to the public. What do you think of the Uber hack?