Uber has had a asperous activity in the accessible eye for some time now, and that looks to alone get worse as the ride-sharing annual afresh appear a abstracts aperture that happened over a year ago and that it paid the hackers $100,000 to annul the baseborn claimed data.
There is affluence to anatomize here, so let’s alpha with the hack itself, which happened as a aftereffect of two bodies accessing an annal of accession and disciplinarian advice in October 2016. This advice was begin on an Amazon Web Services annual that handled accretion tasks for Uber, with login advice acquired through a clandestine GitHub coding site.
The two attackers again emailed Uber, adage that they had claimed advice of 50 actor Uber riders and 7 actor Uber drivers. Acquired advice included names, email addresses, and phone numbers, forth with the US driver’s authorization numbers of 600,000 drivers. Thankfully, no Social Security numbers, acclaim agenda information, cruise area details, or added advice were obtained.
This is area things booty a about-face for the worse. Back abstracts breaches like this happen, companies are allowable to acquaint bodies and government agencies. Not alone that, but Uber is accurately answerable to acknowledge to regulators breaches of its riders’ driver’s authorization information. Instead, Uber absitively to accumulate the aperture clandestine and paid the hackers $100,000 to annul the baseborn claimed data.
Uber CEO Dara Khosrowshahi, who was not with the aggregation at the time of the hack, believes that the abstracts was never used, but the aggregation about anchored the abstracts implemented tighter security measures:
See Also: hack facebookIn accession to the above steps, Uber additionally brought on above National Security Agency accepted admonition Matt Olsen to advice the aggregation restructure its security teams and cybersecurity close Mandiant to investigate the breach. Uber additionally affairs to absolution a account to its barter apropos the aperture and will accommodate drivers chargeless acclaim aegis ecology and character annexation protection.
Finally, Uber additionally asked for Joe Sullivan’s resignation, back Sullivan was the security arch who led the company’s acknowledgment to the breach. Uber additionally accursed Craig Clark, a chief advocate who appear to Sullivan.
That may be all able-bodied and good, but ability booty a bit until Uber can put this in the past. Aloof a few hours ago, a accusation was filed in federal cloister in Los Angeles adjoin Uber for its abortion to “implement and advance reasonable security procedures and practices adapted to the attributes and ambit of the advice compromised in the abstracts breach.” New York Attorney Accepted Eric Schneiderman additionally accepted he will barrage an analysis into the breach.
Making affairs worse, Uber faced the catechism of what to do about this aperture while negotiating with the Federal Trade Commission over how to handle chump abstracts and aloof afterwards clearing a accusation with New York Attorney Accepted Eric Schneiderman.
Also accumulate in apperception that this is all accident after so abundant as a chat from Travis Kalanick, who was Uber’s CEO back the aperture happened and who abstruse of it in November 2016. That begs the catechism of why Kalanick charcoal quiet about this, absolutely how abundant he knew about the breach, and why he is still on Uber’s board.
Thoughts on London’s Uber ban: Innovation vs Regulation
Latest Uber amend brings alive area sharing, alarm expansions, and abundant more
At the time of the incident, we took actual accomplish to defended the abstracts and shut bottomward added crooked admission by the individuals. We additionally implemented security measures to bind admission to and strengthen controls on our cloud-based accumulator accounts.
Comments
Post a Comment