Uber Hid Security Breach Impacting 57 Million People, Paid Off Hackers

Uber Hid Security Breach Impacting 57 Million People, Paid Off Hackers

6 years ago
Anonymous $ZOEEBQ1zf0

https://www.techdirt.com/articles/20171121/17135238665/uber-hid-security-breach-impacting-57-million-people-paid-off-hackers.shtml

It's no secret that Uber's management over the years has been pretty sketchy, if not downright nefarious. At some point I may write a longer post about this, but it appears that the company culture took the idea of reasonably pushing back on bad laws (such as those that restricted competition in the taxi space) and took it to mean that it could just ignore all sorts of rules. And it appears that a company culture was created that celebrated rulebreaking in all sorts of ways -- most of which were bad. The company has a new CEO, Dara Khosrowshahi, who comes in with a strong reputation and has indicated his intent to change the culture. On Tuesday, the company admitted that it had covered up that data on 57 million users had been leaked. While the data didn't include credit card info or trip data, it did include drivers' license info for 7 million drivers, and the email addresses and phone numbers of 50 million riders.

It's bad enough that the data leaked, but covering it up is serious -- and means that the company is going to be hit with lawsuits. California (among others) has a strong data breach law, and it seems quite likely that Uber broke that law in failing to alert people that their info had been accessed. Perhaps more incredibly, the cover-up happened at the very same time that the company was negotiating with FTC officials over a previous data breach. Also, it appears that Uber paid off the hackers who were trying to extort the company to keep the data secret:

Uber Hid Security Breach Impacting 57 Million People, Paid Off Hackers

Nov 22, 2017, 9:26pm UTC
https://www.techdirt.com/articles/20171121/17135238665/uber-hid-security-breach-impacting-57-million-people-paid-off-hackers.shtml >It's no secret that Uber's management over the years has been pretty sketchy, if not downright nefarious. At some point I may write a longer post about this, but it appears that the company culture took the idea of reasonably pushing back on bad laws (such as those that restricted competition in the taxi space) and took it to mean that it could just ignore all sorts of rules. And it appears that a company culture was created that celebrated rulebreaking in all sorts of ways -- most of which were bad. The company has a new CEO, Dara Khosrowshahi, who comes in with a strong reputation and has indicated his intent to change the culture. On Tuesday, the company admitted that it had covered up that data on 57 million users had been leaked. While the data didn't include credit card info or trip data, it did include drivers' license info for 7 million drivers, and the email addresses and phone numbers of 50 million riders. >It's bad enough that the data leaked, but covering it up is serious -- and means that the company is going to be hit with lawsuits. California (among others) has a strong data breach law, and it seems quite likely that Uber broke that law in failing to alert people that their info had been accessed. Perhaps more incredibly, the cover-up happened at the very same time that the company was negotiating with FTC officials over a previous data breach. Also, it appears that Uber paid off the hackers who were trying to extort the company to keep the data secret: