In today’s world, where information comes easily, one would think that it would have been impossible for ride-hailing giant Uber to keep silent about a massive system hack that happened in 2016. Well, apparently, they were able to keep a lid on it, and even CEO Dara Khosrowshahi didn’t know about the security breach until recently.
In a report that first appeared in Bloomberg, Uber admitted that data on 57 million customers and drivers was compromised by hackers last year. A pair of hackers stole data containing the names, email addresses, and phone numbers of 57 million Uber users, as well as the driver’s licenses of some 600,000 Uber drivers in the United States.
Khosroshani confirmed the theft in a statement issued on November 2I. “I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” the Uber CEO wrote. Supposedly, the hackers accessed a private GitHub coding site that Uber software engineers use, and logged in using security credentials stored in an Amazon Web Services account.
“The incident did not breach our corporate systems or infrastructure,” Khosroshani added. Uber confirmed to NPR that there was no forensic evidence indicating that the hackers got hold of more sensitive data, such as the trip location history of Uber users, their credit card or bank account information, Social Security numbers, or dates of birth.
A source close to Uber told Bloomberg that the company paid the hackers $100,000 to delete the stolen data and keep quiet about the incident, although the company has yet to confirm if the data was, in fact, deleted. The source also told NPR that it was security officer Joe Sullivan and one of his deputies that ensured the hack wasn’t made public. Uber has since fired Sullivan and the deputy.
This news follows a series of mishaps Uber has recently been involved in, from the high-profile firing of former CEO Travis Kalanick to more recent regulatory troubles in Quebec and the Philippines, and an outright ban of the ride-hailing service in London.
But perhaps bigger than any of these issues is the underlying problem behind the hack, which is not unique to Uber. In the past several years, hackers have infiltrated several big companies, including Target Corp., Sony Pictures, Anthem Inc., and more recently, Equifax Inc. Other equally disturbing hacking incidents include the massive email hack of a candidate in a recent French election, the U.S. Democratic National Committee (DNC) hack in 2016, as well as the WannaCry attack in May that crippled hospitals.
Naturally, the prevalence of such security breaches has raised concerns and fears over the inadequacies of today’s cybersecurity systems, which include data encryption and a number of security tools that prevent malware from accessing data servers and networks. All of these, however, have proven to be ineffective against a determined and skilled hacker.
The continued advancement of computing systems is making things even more difficult, especially with increasingly more complex machine learning systems that make it harder to distinguish between humans and computers. All of these developments require more advanced and sophisticated security measures.
Companies are becoming increasingly aware of the need for improved cybersecurity, but they need to act faster and band together, as Microsoft president Brad Smith recently told the United Nations. In fact, some have even proposed that cybersecurity be considered an absolute human right.