According to confirmed media reports, ride-sharing technology company Uber, concealed a hack that affected 57 million customers and drivers.
The hack took place in 2016 and then-CEO Travis Kalanick reportedly was privy to the fact. The paid hackers $100,000 to keep the massive breach a secret.
Travis Kalanick is one of the co-founders of the ride-sharing technological company, Uber. Started in 2009, it currently has operations in 633 cities across the world. Kalanick became the CEO in 2011 and held that position till 2017.
Considered to be one of the most successful companies in the world, Kalanick was forced to step down in June 2017 after an internal revolt by five of Uber’s largest investors. He remains on the company’s board.
After he resigned from the position, Kalanick said, “I love Uber more than anything in the world and at this difficult moment in my personal life I have accepted the investors request to step aside so that Uber can go back to building rather than be distracted with another fight.”
Kalanick’s fall from grace was jumpstarted by a series of controversies that have plagued Uber especially in 2017. This includes claims by former employees about the working conditions within the company. A blog by a former employee Susan Fowler about the sexual harassment rampant at Uber went viral. This led to Uber firing more than 20 members of its staff and taking action against others following a review of more than 200 HR complaints that included harassment and bullying. The company has been repeatedly accused of harboring a “frat boy” culture within its walls.
Following the many controversies that plagued Uber, Kalanick was forced to resign from his position. The company then made an offer to Dara Khosrowshahi to become the company’s next Chief Executive Officer. Prior to that, Khosrowshahi was the CEO of Expedia, a travel company.
According to confirmed media reports, ride-sharing technology company Uber, concealed a hack that affected 57 million customers and drivers. The hack took place in 2016 and then-CEO Travis Kalanick reportedly was privy to the fact.
The hack was carried out by two perpetrators who were able to access a private GitHub coding site used by Uber software engineers. The hackers then accessed data stored on an Amazon Web Services account that handled computing tasks for the company. This, they were able to accomplish with login credentials they were able to obtain. These hackers then found an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company. The hackers were able to get 57 million names, email addresses and mobile phone numbers. The names and driver’s license numbers of around 600,000 drivers in the United States were also compromised.
Khosrowshahi in a statement confirmed the reports adding, “I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure. None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
Uber has a history of being accused of flouting rules and laws. In the US alone, there are at least five criminal probes into possible bribes, illicit software, questionable pricing schemes and theft of a competitor’s intellectual property.
Uber's chief security officer Joe Sullivan has left the company.
Khosrowshahi added, “At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”
Our assessment is that large organizations and governments are provably vulnerable to cyber attacks. The hacks on Uber and financial organizations like Equifax indicates that organizations have to continue investing in understanding new forms of cyber threats in order to address them. This also signals that the data collated for Aadhaar card in India could endanger the privacy and information of millions of Indians.