Some details about the massive data breach on Uber
Uber had recently availed the services of an external cyber security agency following a huge information breach which impacted it. However, on their analysis and extensive research, the firm found no proof that the details and information related to rider credit card, bank details or Social Security numbers were assimilated and availed by two hackers as based on what the ride-hailing giant responded back to queries related to the incident from US senators.
In any case, the ride-hailing brand revealed that at times, the hackers assimilated location data from where individuals registered for Uber, and additionally very much fortified encrypted versions of client passwords.
Last month, Uber unveiled the news that names, email addresses and mobile contact numbers of 57 million drivers and riders had been compromised and hacked. In a mail addressing to four Republican senators as lead and spearheaded by Commerce Committee Chairman John Thune of South Dakota, the organization revealed that Mandiant, the security firm, found out that 32 million of victims subject to this breach are outside the US and 25 million are located within the country. Speaking about the aggregate, 7.7 million were Uber drivers where they were within the United States and hackers were able to access the driver permit numbers related to 600,000 of them. This was according to what Uber’s new CEO Dara Khosrowshahi had to address in a letter.
The ride-hailing organization additionally noted it has not observed or acquired any proof of illegal activities or malicious manipulation of information as associated with the breach, which was featured for over a year prior being uncovered. The mail further detailed that with regards to this breach two employees were fired from Uber for not revealing the issue to the relevant authorities.
The hackers on their end mailed Uber’s team of Security in a mysterious manner last year, November 14th notifying about this invasion and that they wanted a ransom to be paid. Uber made strides in search for the source of this activity and narrowed down on the source in private cloud information amassed on Amazon’s web services and deactivated the activity, which was associated with a ‘compromised credential’ as per what the mail had to delineate.
The CEO of Uber added in the mail that the security group at Uber initially came into terms to pay $100,000 for the hackers in exchange to expunge and delete the information and were soon able to decode the hacker’s real names. The associated parties signed documents guaranteeing and ascertaining the fact that the hacked data was eliminated. The team got the insight that the hackers invaded and accessed the data in October last year and there were no signs of activities after Nov 15th, 2016
Uber informed the US Attorney’s workplaces in San Francisco and Manhattan, and in addition other government bodies and representatives, on November 21 of this current year, yet it’s uncertain whether any criminal investigation related to the breach has been begun. Both the office refused to disclose any clarity regarding the same.
Uber incorporated extra fortifications to prevent the menace of the hackers, encompassing a two-step validation for one of the services which was subject to hacking as per what the mail had to say.