Ride hailing firm Uber has revealed a major hack last year exposed the personal data of 57 million users. Even worse is the news that Uber’s security chief paid the hackers $100,000 to cover up the incident in the hope of preventing the breach from going public.
The incident was announced by Uber CEO Dara Khosrowshahi who claimed that he had only recently learned about it himself. Two senior managers in charge of IT security where fired shortly afterwards.
A very serious breach
According to the report, two hackers were able to download names, email addresses and mobile phone numbers of 57 million Uber users around the world and the names and driver’s license numbers of 600,000 U.S. drivers. Although credit card numbers and passwords were not included, the stolen details would be enough for cybercriminals to start an identity fraud operation.
Instead of reporting the breach to authorities and services users – as required by US law – Uber decided to pay the hackers to keep quiet. The two individuals involved in the attack were paid $100,000 in return for supplying proof that they had deleted the stolen data.
An ongoing problem
Uber already has a reputation for breaking rules, and for tracking users even after they have closed the app. The sheer volume of valuable personal data held by Uber makes it a very attractive target for hackers, but the company’s attempts to hide their activities increases customer distrust.
Although a data breach is embarrassing and expensive, attempting to cover it up is even more damaging – people simply do not trust the service to handle their personal data safely.
Protecting yourself now
Although Uber claim that login details were not compromised, you should still change your password just in case. Make sure that you create a strong password to further improve security.
And don’t forget, hackers will also try and steal data direct from your mobile phone, not just Uber’s data centre. Protect your smartphone with the free Mobile Security app, blocking the malware that steals passwords, credit card details and other sensitive personal information.
Data Theft Incidents on the Rise
As we informed on a previous post, in the first half of 2017, more data was stolen than in all of 2016. The 918 security breaches registered by Gemalto’s Breach Level Index led to the theft of almost 2 billion records, which is 164% more than the figures for the whole of last year. For companies to avoid being in that position, the first step is to be aware of the importance of implementing effective security measures and policies.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
