Grand Theft Data: Uber Announces Almost 60 Million Accounts Compromised In Data Breach


The CEO of the popular ride-sharing app, Uber, published a bombshell letter to the public yesterday, stating that two hackers had stolen information from almost 60 million driver and rider accounts in October 2016.

The compromised personal information includes names, email addresses, driver's license numbers, and mobile phone numbers. According to a statement from Dara Khosrowshahi, Uber's current CEO, the hackers did not gain access to credit card numbers, Social Security numbers, birth dates, or trip location information.

Anonymous sources speaking to Bloomberg and The New York Times said that the company's then Chief Executive Officer and Chief Security Officer brokered a deal with the hackers to pay $100,000 in ransom in exchange for the deletion of the data and a non-disclosure agreement, and that Uber hid the payouts. The New York Times reported that Uber has fired their CSO for this breach response.

Uber's revelation highlights two key issues for organizations in ensuring good cybersecurity hygiene.

The first issue is that third-party security is your security. The hackers' point of entry into Uber's system was through a third-party cloud-based service. Using a third-party service to compromise a major corporation is frequent method of attack for hackers—as has been discovered lately by Orange Is The New Black, Target, Home Depot, Costco, and more.

Organizations using cloud-based service providers should understand the steps that the provider takes to maintain security. This is not only important for the purpose of...

To continue reading