The company has subsequently covered up the hack by paying $100,000 to hackers, who then destroyed the data.
Uber has admitted that it paid hackers to conceal a massive cyber attack which affected 57 million customers around the world. The data breach also affected the drivers of the service.
The ride-hailing app has confirmed that the attack took place in October last year but the breach was covered up by the company when it paid hackers $100,000 equivalent to £75,000 to delete the data. It has now emerged that the international company sacked Joe Sullivan, its chief security officer as well as one of his deputies for the role they both played in keeping the hack under wraps.
While breaking the story, Bloomberg News, reported that the names, email addresses and phone numbers of over 50 million users compromised during the leak. A further seven million drivers were also put at risk when their details were exposed. Hackers were also able to access 600,000 US driver’s license numbers.
The news outlet also reported that the company’s former chief executive, Travis Kalanick, was aware of the breach over a year ago. According to Uber, a multi-billion dollar company, it is believed that the information was never used by the hackers. The company has refused to disclose the identities of those behind the hack.
Uber’s new chief executive Dara Khosrowshahi said that the company had seen no evidence of fraud or misuse of information which could be tied to the attack. And, according to one major news source, the company is monitoring the affected accounts.
Uber has also flagged the hacked accounts for additional fraud protection is has been reported. In a statement, Uber said that at the time of the hack, immediate steps were taken to shut down any further unauthorized access by anyone.
The company has also stated that it subsequently identified the individuals involved and obtained assurances from them that the downloaded data had been destroyed. According to Uber additional security measures were put in place.
Khosrowshahi, who joined Uber in September said that many have asked why the company had only spoken of the hack a year later. Having the same question, the chief executive immediately requested a thorough investigation of what happened and how the company has handled it.
This comes amidst further scrutiny faced by the company over allegations of sexual harassment. The allegations were made earlier this year by former Uber engineer Susan Fowler who has detailed her experiences in a blog post titled ‘Reflecting on One Very, Very Strange Year at Uber’.
Adding to its negative publicity Uber was also stripped of its license to work in London by the regulator Transport for London (TfL) after being deemed unfit to hold a private hire operator license. The company has now said that it has a legal obligation to report the hack to regulators and to drivers whose license numbers were taken.