[kictanet] Uber attempted to cover up a data breach affecting 57 million people

WANGARI KABIRU wangarikabiru at yahoo.co.uk
Wed Nov 29 12:58:21 EAT 2017


"Uber didn’t confirm the precise details of the hack, but, according to Bloomberg, two hackers found Uber’s login credentials to Amazon Web Services, a Cloud computing service, where the data was stored. The hackers then blackmailed Uber for $100,000 in exchange for deleting the data and keeping quiet. But what did Uber think this would achieve? The organisation had no way of knowing whether the hackers would keep their word. The information hasn’t surfaced yet, but given that these are criminals who had the audacity to steal from and then blackmail a large company, there’s every chance that they either still have the information or have sold it on the dark web. "

As the dark web grows and becomes bolder, while bigger players may boldly navigate such negotiations, though not desired, this is certainly a killer to small business and a tall demand for the small businesses that may not have (setup) such capabilities.
Be blessed.
Regards/Wangari ---
Pray God Bless. 2013Wangari circa - "Being of the Light, We are Restored Through Faith in Mind, Body and Spirit; We Manifest The Kingdom of God on Earth".


Uber attempted to cover up a data breach affecting 57 million people

  
|  
|   
|   
|   |    |

   |

  |
|  
|   |  
Uber attempted to cover up a data breach affecting 57 million people
 Uber paid criminal hackers $100,000 (£75,000) to delete personal data belonging to its customers and drivers, th...  |   |

  |

  |

 


Uber attempted to cover up a data breach affecting 57 million people
 Luke Irwin  23rd November 2017Uber paid criminal hackers $100,000 (£75,000) to delete personal data belonging to its customers and drivers, the company has confirmed.The transport app company was breached in October 2016, and the criminals behind the hack offered to delete the data in exchange for money. Uber took the offer and ignored its legal requirement to disclose the breach, only admitting its error when Bloomberg uncovered the cover-up.The stolen data includes the names, email addresses and phone numbers of 50 million Uber customers, as well as the personal information of about 7 million drivers – 600,000 of whom also had their driver’s license numbers exposed. No Social Security numbers, payment card information, trip location details or other information was taken, Uber said.
Cynical
Data breaches are often accompanied by embarrassing stories about how the situation was mismanaged. Organisations sometimes take years to disclose an incident, and other times they deny being breached at all, but Uber has managed to combine both of those blunders in a spectacularly cynical cover-up.Uber didn’t confirm the precise details of the hack, but, according to Bloomberg, two hackers found Uber’s login credentials to Amazon Web Services, a Cloud computing service, where the data was stored. The hackers then blackmailed Uber for $100,000 in exchange for deleting the data and keeping quiet.But what did Uber think this would achieve? The organisation had no way of knowing whether the hackers would keep their word. The information hasn’t surfaced yet, but given that these are criminals who had the audacity to steal from and then blackmail a large company, there’s every chance that they either still have the information or have sold it on the dark web.Regardless, any unauthorised access to or destruction of information is considered a breach. Paying the blackmailers only served to protect the company’s reputation at the expense of the affected individuals, whose information remains categorically breached.At the time of the breach, Uber was under investigation for separate claims of privacy violations, which probably affected its decision-making. But these are not the only controversies it has been involved in. Since it was founded in 2009, Uber has faced four other criminal probes, which have looked into possible bribes, illicit software, questionable pricing schemes and theft of a competitor’s intellectual property.Uber also faces dozens of civil lawsuits, with London among several cities to have taken steps to ban the organisation’s service.Uber clearly didn’t want to add a data breach to its list of problems, but the public’s response to this story has rightly focused on the cover-up more than the breach itself. Data breaches are inevitable, so all you can ask organisations to do is identify them promptly and respond responsibly.Speaking to Bloomberg, Dara Khosrowshahi, who took over as chief executive officer of Uber in September, commented: “None of this should have happened, and I will not make excuses for it.”He added: “We are changing the way we do business.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20171129/9e9792d2/attachment.htm>


More information about the KICTANet mailing list