|
Uber Paid Hackers $100,000 To Keep A Massive Data Breach Quiet The hack affected 57 million people. Uber confirmed Tuesday that it paid hackers $100,000 to keep quiet after an October 2016 attack led to the disclosure of 57 million customers’ personal data, Bloomberg first reported. The breach included the names, email addresses and mobile phone numbers related to accounts of people around the world, the company said. About 600,000 Uber drivers also had their names and driver’s license numbers stolen. More sensitive information, including trip location history, credit card numbers, bank account numbers, Social Security numbers and dates of birth, was not accessed. More troubling than the hack itself: Instead of disclosing the breach to the affected customers and proper government authorities, Uber decided to pay the unnamed hackers to keep quiet. That was likely the decision of chief security officer Joe Sullivan, a former federal prosecutor Uber hired from Facebook. Sullivan and an additional team member were fired this week. Most states have laws requiring that companies notify consumers who are affected by a data breach. Although not all require customers to be notified in a specific timeframe, many mandate that it happen as soon as possible. For example, in California, where Uber is based, the disclosure must happen in “the most expedient time possible and without unreasonable delay.” There’s currently no evidence that the leaked data has been used for nefarious purposes, Uber told customers Tuesday. “We do not believe any individual rider needs to take any action,” the company said in a statement. “We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection.” Uber CEO Dara Khosrowshahi, who joined the company in September, addressed the breach in a blog Tuesday. “None of this should have happened, and I will not make excuses for it,” Khosrowshahi wrote. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.” “We have to be honest and transparent as we work to repair our past mistakes,” he said. Khosrowshahi said the company is providing affected drivers with free credit monitoring and identity theft protection. 👀👀
|
#
?
Nov 22, 2017 02:47
|
|
|
|
| # ? Apr 27, 2024 01:42 |
|
|
Lol, wrecked. Why would you pay hackers hush money? There's nothing to stop them from telling everyone everything anyway
|
|
#
?
Nov 22, 2017 02:48
|
|
|
very kind of those upright and honest hackers to delete all of that info as agreed.
|
|
#
?
Nov 22, 2017 02:49
|
|
|
FisheyStix posted:Lol, wrecked. Why would you pay hackers hush money? There's nothing to stop them from telling everyone everything anyway look at this post. there is a thing called integrity, you should look it up. 
|
|
#
?
Nov 22, 2017 02:50
|
|
|
Bloomberg has a longer article that describes it in more detail https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data quote:Uber said it has hired Matt Olsen, a former general counsel at the National Security Agency and director of the National Counterterrorism Center, as an adviser
|
|
#
?
Nov 22, 2017 02:52
|
|
|
FisheyStix posted:Lol, wrecked. Why would you pay hackers hush money? There's nothing to stop them from telling everyone everything anyway its like ppl dont watch black mirror
|
|
#
?
Nov 22, 2017 02:55
|
|
|
freckle posted:look at this post. Hackers only honor deals they made with other hackers. Uber should've hired an aging former hacker with a badass nickname and a goatee as an advisor, not some NSA loser.
|
|
#
?
Nov 22, 2017 02:56
|
|
|
Goddamn Uber is really the worst loving company possible.
|
|
#
?
Nov 22, 2017 02:56
|
|
|
"Most states have laws requiring that companies notify consumers who are affected by a data breach." I hope these harmful regulations are removed soon. It's shameful that companies cannot operate totally in the shadows.
|
|
#
?
Nov 22, 2017 02:57
|
|
|
Blurry Gray Thing posted:Hackers only honor deals they made with other hackers. It's not the 80s Phone Phreaking BBS hacker world any more man. Most hackers today are scammers and would slit each other's metaphorical throats in a heartbeat. ED: I often wonder what happened to my one friend who got busted at least once by the authorities for phreaking his phone line to play Warcraft 2 without Kali
|
|
#
?
Nov 22, 2017 02:59
|
|
|
i like that posted:“We do not believe any individual rider needs to take any action,” the company said in a statement. lmbo
|
|
#
?
Nov 22, 2017 03:03
|
|
|
I guess Uber does negotiate with terrorists
|
|
#
?
Nov 22, 2017 03:09
|
|
|
Wow they got my email and phone number. 
|
|
#
?
Nov 22, 2017 03:10
|
|
|
FAGGY CLAUSE posted:Wow they got my email and phone number. do you drive for Uber? if so, they got your driver's license info too
|
|
#
?
Nov 22, 2017 04:20
|
|
|
uber. more like goober
|
|
#
?
Nov 22, 2017 04:23
|
|
|
Main Paineframe posted:do you drive for Uber? if so, they got your driver's license info too no but anyone dumb enough to drive for uber has bigger problems
|
|
#
?
Nov 22, 2017 04:48
|
|
|
I used uber exactly once to get a ride to a job interview at uber. Serves me right for loving with uber
|
|
#
?
Nov 22, 2017 05:01
|
|
|
I worked closely with Uber one time. Worst company I've ever met
|
|
#
?
Nov 22, 2017 05:01
|
|
|
Blazing Ownager posted:It's not the 80s Phone Phreaking BBS hacker world any more man. Free Kevin
|
|
#
?
Nov 22, 2017 05:09
|
|
|
https://www.youtube.com/watch?v=EQ8ViYIeH04
|
|
#
?
Nov 22, 2017 05:17
|
|
|
Boober. 
|
|
#
?
Nov 22, 2017 05:25
|
|
|
Hahaha
|
|
#
?
Nov 22, 2017 07:45
|
|
|
We should throw that Kalanick guy in jail
|
|
#
?
Nov 22, 2017 14:52
|
|
|
> ok, i have the payment ready - but i will need confirmation that the files were deleted > so please cd into the directory and type 'ls -a' and take a screenshot > and then type 'rm -rf' and take another screenshot > and then i will send the money
|
|
#
?
Nov 22, 2017 14:55
|
|
|
FAGGY CLAUSE posted:no but anyone dumb enough to drive for uber has bigger problems Yep.
|
|
#
?
Nov 22, 2017 14:58
|
|
|
There's lots of situations where companies pay a ransom rather than disclose a breach, or pay to unlock ransomwared PCs, I have no idea why this is getting this kind of coverage other than "lol uber" and "unethical!!" Like Equifax disclosed their breach that doesn't make the poo poo any better, you just know about it, and the folks that got the Uber data seemingly did go through with deleting it and keeping the incident quiet. Other than its Lol uber, wouldn't you rather want some company to shell out $100k instead of shrugging and having your info get dumped?
|
|
#
?
Nov 22, 2017 14:59
|
|
|
OXBALLS DOT COM posted:We should throw that Kalanick guy in jail First refusing to stand for the national anthem and now this smh
|
|
#
?
Nov 22, 2017 15:00
|
|
|
Ham Sandwiches posted:Other than its Lol uber, wouldn't you rather want some company to shell out $100k instead of shrugging and having your info get dumped? The data can still get dumped at any time. This was purely a move to delay the PR fallout of the leak.
|
|
#
?
Nov 22, 2017 15:00
|
|
|
It's also illegal to cover it up like they did
|
|
#
?
Nov 22, 2017 15:01
|
|
|
It's time to but some loving silicon valley nerds in jail
|
|
#
?
Nov 22, 2017 15:02
|
|
|
Tallgeese posted:The data can't still get dumped at any time. If it actually got deleted then what they did was way better than not paying imo If it doesn't show up in the next few weeks I'd say it was money well spent
|
|
#
?
Nov 22, 2017 15:02
|
|
|
OXBALLS DOT COM posted:It's also illegal to cover it up like they did There are sooooooooooooo many breaches that don't get disclosed, I get what you're saying, but also, lol Like the Yahoo poo poo coming out when Verizon was buying them for liability reasons etc etc
|
|
#
?
Nov 22, 2017 15:03
|
|
|
It's time to put some nerds in jail
|
|
#
?
Nov 22, 2017 15:04
|
|
|
Ham Sandwiches posted:There's lots of situations where companies pay a ransom rather than disclose a breach, or pay to unlock ransomwared PCs, I have no idea why this is getting this kind of coverage other than "lol uber" and "unethical!!" your stupid
|
|
#
?
Nov 22, 2017 17:25
|
|
|
i like that posted:your stupid Super mad that Uber negotiates with terrorists!!
|
|
#
?
Nov 22, 2017 17:26
|
|
|
Ham Sandwiches posted:There are sooooooooooooo many breaches that don't get disclosed, I get what you're saying, but also, lol There's a lot of unsolved crimes out there too. Doesn't make it ok to do them.
|
|
#
?
Nov 22, 2017 17:26
|
|
|
i like that posted:your stupid
|
|
#
?
Nov 22, 2017 17:27
|
|
|
Ham Sandwiches posted:Other than its Lol uber, wouldn't you rather want some company to shell out $100k instead of shrugging and having your info get dumped? They should have disclosed the fact that they got hacked
|
|
#
?
Nov 22, 2017 17:29
|
|
|
Guys come on, if they paid the ransom and then they release the info anyway the hand of the free market will ensure that next time uber chooses to get hacked it will be by a different more reliable institution.
|
|
#
?
Nov 22, 2017 17:31
|
|
|
|
| # ? Apr 27, 2024 01:42 |
|
|
Dog Jones posted:They should have disclosed the fact that they got hacked Like if you're paying the money though it's to have it fly under the radar like shitloads of other hacks do and if the data got deleted then its sorta a hack, as in, other people had access to the poo poo but got rid of it I get the disclosure and all that, just this whole thing seems super reasonable vs tons of hacks you simply don't hear about until the day the dumps appear / ever if the dumps don't appear What I'm saying is poo poo is getting hacked left and right and the stuff being disclosed is such a tiny portion of it so in this case 
|
|
#
?
Nov 22, 2017 17:33
|
|