HACKERS plundered the personal data of 57 million Uber customers and drivers - but the app-based cab company covered up the breach for a year, paying the pirates to keep quiet instead, according to a new report.
Names, email addresses and phone numbers for 50 million riders and info from seven million drivers were exposed in the October 2016 hack - and the company learned about it a month later, Bloomberg reports.
But instead of reporting the breach to regulators or victims, the company acquiesced to the hackers' demands for $A132,000 to delete the data, according to the report.
57 million customers and 600,000 drivers had their data compromised in Uber hack. But they paid the hackers $100,000 to delete the data and keep the breach quiet so I'm sure it's all going to be ok.— Sheera Frenkel (@sheeraf) November 21, 2017
Uber officials now admit the company should've come clean at the time.
Instead of reporting the hack to regulators, Uber paid hackers $100,000 to delete info and conceal it.— AJ+ (@ajplus) November 21, 2017
"None of this should have happened, and I will not make excuses for it," CEO Dara Khosrowshahi told Bloomberg. "We are changing the way we do business."
At first I was worried about the Uber hack but then I found out they had recieved assurances from the hackers that the data had been deleted and now I’m completely calm about it! /sarcasm— [CyberVix] ACL (@BinaryVixen899) November 21, 2017
The hack wasn't sophisticated - the digital thieves broke into the accounts of two Uber engineers on the coding site Github, where they found the passwords to some online data storage that contained the personal info, according to the report.
"Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet."— Battlecar Compactica (@Battlecar78) November 21, 2017
The thieves then contacted Uber to demand the cash.
This isn't the first time the company has been hacked - or failed to report it. Uber agreed to a $A26,000 settlement with New York Attorney-General Eric Schneiderman last year after it took several months to own up to a data breach.
Update your news preferences and get the latest news delivered to your inbox.