Uber recently announced that information of more than 50 million customers and seven million drivers had been compromised in 2016 after the system was hacked. Hackers were able to get the names, email addresses, and phone numbers of customers while more than 600,000 drivers in the United States had their license numbers exposed.
Uber noted that other sensitive information including trip location, credit card, and payment details, and social security numbers were not compromised in the attack. Details have been released that indicate that two hackers got access to login credentials of users by accessing a GitHub site utilized by Uber software engineers. This compromised database included driver and rider information which the hackers used as leverage to get money from the company.
Uber did not inform the authorities of the security breach or alert the riders’ or drivers’ information that was accessed. Their chosen course of action was to bury the hack by paying the two individuals $100,000 in exchange for deleting the data.
Ex-CEO Travis Kalanick was made aware of this information about a month after the attack occurred in November of 2016. He worked alongside former Facebook worker, Joe Sullivan, who was the chief security officer, to cover up the breach and keep the details of the hack under wraps.
The security team headed by Sullivan have made numerous controversial decisions that are currently under investigation. The investigation is why the news of this information has recently been made available to the public’s eye.
After this information was revealed, Uber fired both Joe Sullivan and the lawyer reporting to him, Craig Clark, for their role in how they covered up and handled the attack. Uber subsequently hired the firm Mandiant to look further into the situation. Matt Olsen, who formerly worked as general counsel for the National Security Agency, is helping with changing and restructuring the security teams at the company.