Monday, November 27, 2017

Uber hides a massive data leak for a year!

Uber, the cab sharing and logistics service with operations in 77 countries as of today, had a major data leak in 2016 and hid it from everybody for about a year!

As per a press note issued by Uber's new CEO, the data leak occurred in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use.

Uber now claims that the two individuals were approached and they've assured the company that the data will not be misused. The company has also individually notified the 600,000 drivers in the US whose license details were leaked, and 57 million users the world over. As all companies do, Uber also says they have spruced up web security after this incident.

Bloomberg has reported that Uber had to pay ransom of $100,000 to the hackers to keep quiet and delete the stolen data.

How did the data breach occur?

According to BloombergTwo attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

The company has earlier faced a data breach, of a small scale though, in 2014.