Uber hack: What happened, who’s affected, advice for app users and everything you need to know about the data breach
Uber is the latest major company to reveal that it has been targeted by hackers.
A massive breach resulted in data being exposed last year – but the tech company was less than forthcoming about it and even paid off the hackers.
Here’s everything you need to know about the incident and how it might affect you…
What happened exactly?
Late in 2016, information held by a third-party cloud service provider used by Uber was accessed by two hackers. The pair were paid $100,000 to delete the stolen data, Bloomberg reports, while the incident was kept under wraps.
Who’s affected?
Both drivers and users of the service are affected – 7m of the former, 50m of the latter – though detail on exactly who they are and where they are is light.
Currently we know it is world wide and that 600,000 US drivers are affected.
What information was stolen?
Driver licence information, names, email addresses and phone numbers were exposed. The hackers downloaded a “significant amount” of information.
But, Uber says details of location, credit card numbers, bank accounts, social security numbers or dates of birth were not accessed in the breach.
It has also said it “obtained assurances” that the data that was stolen was destroyed.
What action do I need to take if I use Uber?
The company has said that riders don’t need to take any action but it encourages users to keep an eye on accounts on a regular basis.
“We have seen no evidence of fraud or misuse tied to the incident,” Uber said. “We are monitoring the affected accounts and have flagged them for additional fraud protection.”
It’s not clear if the account holders have been notified that they are being monitored. Drivers, however, have been alerted.
What has Uber said?
An apology came from chief executive Dara Khosrowshahi, who has been at the firm only a couple of months and is already dealing with several issues.
“None of this should have happened, and I will not make excuses for it,” he said in a statment.
“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
What has Uber done?
In addition to the monitoring above, Uber launched an investigation of the incident and how it was handled.
Khosrowshahi forced the resignation of Uber’s chief security officer Joe Sullivan, according to Bloomberg, while a senior lawyer was fired the publication claims. The boss has also brought in an expert cyber security consultant to advise him on what to do next.
Uber is also notifying regulators – something it should have done at the time of the breach.
Why didn’t Uber say something sooner?
The tech company has been in turmoil over the past year and this scandal is just the latest in a long line of examples of bad management under Travis Kalanick, the founder and ex-CEO who was ousted (though remains on the board). Here’s what was already on Khosrowshahi’s very long to-do list before this incident.
What next?
The New York attorney has launched an investigation into the incident, as has the UK’s data watchdog, the Information Commissioner’s Office.
Further scrutiny is almost certain to follow, while we can expect further information on exactly who has been breached – the ICO warned that it was the company’s responsibility to identify when UK citizens have been affected.