November 21, 2017 6:24 pm
Updated: November 21, 2017 9:23 pm

Uber reveals 2016 hack, reports say it paid $100,000 to cover up

WATCH ABOVE: Uber failed to disclose a massive breach last year that exposed the data of some 57 million users of the ride-sharing service, the company's new chief executive officer says.

A A

Information from 57 million Uber users’ accounts could be vulnerable from a 2016 hack into the ride-sharing app’s systems.

The news of the hack, which happened around a year ago, was released on Tuesday in a blog post from Uber’s CEO Dara Khosrowshahi.

But it took a year for the hack to be made public, something Khosrowshahi says is unacceptable.

READ MORE: All 3 billion Yahoo accounts were affected by 2013 hack


Story continues below

“You may be asking why we are just talking about this now, a year later,” he wrote. “I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.”

At the time, the affected drivers were not notified; neither were regulators or police. According to Bloomberg News, the company paid $100,000 to keep the information private.

Two people who worked on Uber’s response to the hack have been fired, Khosrowshahi said. The New York Times and Bloomberg identified the two as former Chief Security Officer Joe Sullivan and one of his deputies.

The information accessed included Uber riders’ email addresses, phone numbers and names, and the names and licence numbers of about 600,000 U.S. drivers. The company says riders  don’t need to take action but drivers can check if they’ve been affected by reaching out to the company.

RELATED: Equifax reportedly knew for months about cyber-security vulnerability

Credit card information, along with social security numbers and dates of birth were still secure.

The data was accessed by “two individuals outside the company,” Khosrowshahi said.

READ MORE: Uber chief executive Travis Kalanick resigns after wave of controversy

In response to the incident, Uber will be contacting the affected drivers, and providing them with credit monitoring and identity theft protection.

Officials will also be monitoring both riders and drivers’ accounts for fraudulent activity.

Khosrowshahi said he has also hired a cyber security firm to access the company’s security teams and guide them going forward.

“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” he wrote.

The hack and the cover-up is the latest scandal from Travis Kalanick’s time as CEO of Uber. Kalanick resigned after months of controversy, including company-wide sexual harassment complaints.

 

© 2017 Global News, a division of Corus Entertainment Inc.

Report an error

Comments

Want to discuss? Please read our Commenting Policy first.