Uber concealed hack of 57 million accounts for more than a year


The San Francisco-based startup confirmed a Bloomberg story on Tuesday that hackers stole the personal data of millions of users, including the names and driver's license numbers of 600,000 of its drivers, in October 2016.

"None of this should have happened, and I will not make excuses for it", Uber CEO Dara Khosrowshahi, told the publication in an emailed statement. He was not at the helm when it happened.

Governments around the globe launched investigations into Uber Technologies Inc after the company disclosed it had covered up a breach that exposed data on millions of customers and drivers, the latest scandal to rock the ride-hailing firm.

"If Uber did indeed secretly pay-off the hackers to keep the breach quiet, then a possible cover up of the incident is problematic and must be investigated", Pallone, a New Jersey Democrat, said in a statement.

Travis Kalanick, Uber co-founder and former CEO, was made aware of the breach in November 2016.

The attackers gained access to a private GitHub repository used by Uber software engineers and used login credentials which were available on the repository to access data on an Amazon Web Services account that was used to handle computing tasks.

In early 2016, Schneiderman announced a settlement with Uber stemming from an investigation into the company's handling and protection of riders' personal information.

More news: WILL HE RESIGN? Mugabe Meets Army Bosses
More news: Uber orders huge fleet of autonomous Volvos
More news: Alibaba gobbles up stake in China's Walmart

Khosrowshahi says hackers accessed the data through a third-party, cloud-based service.

"You may be asking why we are just talking about this now, a year later". The cab service provider, this week, fired its chief security officer and one of his deputies for allegedly being involved in hiding the hack.

Uber has always failed to protect driver and passenger data. From there, the hackers discovered an archive of rider and driver information.

Hackers are known to take seemingly low-value information, such as email addresses, and build on them with what they can find or steal elsewhere to prey on victims, according to McAfee vice president of labs Vincent Weafer. Uber may have violated Californian breach disclosure laws as well.

He said the incident, which he had only recently learned of, did not breach our corporate systems or infrastructure.

A stream of executives have left Uber in recent months amid controversies involving sexual harassment, data privacy and business practices in Asia. Regulatory authorities were being notified, the company added. While Khosrowshahi is promising change, Kalanick's place in a leadership role serves as a reminder they are keeping someone who signed off on controversial issues tied to the company.