Hackers Stole Info of 57 Million Uber Customers, Then Uber Paid Them $100K to Keep Quiet

uber security breach

Uber, the taxi-killing tech company long-run by a box full of assholes who have since mostly departed, revealed today that it was hacked just over a year ago and paid the hackers who stole millions of customers’ data to keep quiet. See – assholes.

The hackers stole info from 57 million customers, as well as the data from 7 million drivers. The info they accessed included names, email addresses, and phone numbers, but thankfully, did not include social security numbers, credit card details, or trip location info. At least 600,000 drivers did have their driver’s license numbers stolen, though. That’s all according to Uber, anyways, the company that successfully concealed this security breach for over a year.

Hackers were able to access all of the info by gaining access to a private GitHub that Uber engineers were using. From there, they obtained login credentials that allowed them access to the data that was stored on an Amazon Web Services account. Once they had it, they contacted Uber asking for cash.

Uber paid the hackers $100,000 to delete the data and also keep quiet, which is why we haven’t heard about this until now. Uber does not believe that any of the data was ever used, but would not disclose who it was that stole it.

Uber’s new CEO, Dara Khosrowshahi, who took over in September, likely just found out about this breach and told Bloomberg that “None of this should have happened” and that Uber is “changing the way” it does business. Part of that response was the firing of CFO Joe Sullivan, the man who took the lead on keeping this all quiet.

Fun.

// Bloomberg