Skip to content

Davey Winder

delivering award-winning technology journalism since 1991

  • home
  • about me
  • follow me on mastodon
  • privacy policy
  • Toggle search form
Hand holding smartphone running Uber app

Uber data breach cover-up: security pros speak out

Posted on November 23, 2017November 23, 2017 By Davey Winder

Industry responds as Uber suffers 57 million record breach, then pays hush-money to prevent disclosure to customers in shocking cover-up.

Here’s the skinny: in 2016 the app-based taxi supremo was breached by threat actors who managed to access the personal data of some 57 million Uber customers and drivers alike. The latter including some 600,000 whose names and driving license details were exposed. The breach is thought to have been facilitated by the discovery of Uber log-in credentials for Amazon Web Services (AWS) from a private area of the Github developer code depositary. So far, so routinely poor; but things then got worse, a lot worse. According to the Bloomberg reporters that uncovered the breach details, Uber then took the decision to pay off the attackers with $100,000 as part of a deal to delete any stolen data and keep silent about the breach. The CSO at the time, Joe Sullivan, has since parted ways with Uber. Quite why the company decided not to notify customers whose data was potentially compromised by this breach is, frankly, beyond me. Me, and much of the security industry it would seem; most of the coverage has been focussed on the hush-money aspect rather than the breach itself.

Click here to read complete article

Breach, News, Opinion Tags:breach, disclosure, Reputation, Response, Uber

Post navigation

Previous Post: Attack of the intelligent cyber-bees
Next Post: OWASP vulnerability chart suggests web app devs are not smelling the security coffee

Related Articles

New Mass Gmail Rejections To Start April 2024, Google Says Gmail
Big Game Hackers Smash $1 Billion Ransomware Barrier Cybercrime
Yeah, But No, But Yeah: The Strange Tale Of 3 Million Hacked Toothbrushes Hacking
Google To Crack Down Against Spammers To Protect Gmail Users Gmail
New Google Report Warns Of ‘Real And Significant Threat’ To User Privacy Google
iPhone Under Attack: U.S. Government Issues 21 Days To Comply Warning Apple

Categories

Post Archive

Tags

0day Analysis Android Apple Apps breach bug bounty Business Chrome crime Cybercrime Data Protection Encryption Enterprise Google Government Hackers Hacking Health healthcare industry iOS IoT iPhone Malware Microsoft News NHS Opinion passwords Phishing Privacy ransomware Research Russia Samsung threat intelligence Twitter Update Vulnerabilites vulnerabilities Vulnerability Windows Windows 10 zero-day

Copyright © 2025 Davey Winder .

×
Cookies
We serve cookies. If you think that's ok, just click "Accept all". You can also choose what kind of cookies you want by clicking "Settings". Read our cookie policy
Settings Refuse all Accept all
Cookies
Choose what kind of cookies to accept. Your choice will be saved for one year. Read our cookie policy
  • Necessary
    These cookies are not optional. They are needed for the website to function.
  • Statistics
    In order for us to improve the website's functionality and structure, based on how the website is used.
  • Experience
    In order for our website to perform as well as possible during your visit. If you refuse these cookies, some functionality will disappear from the website.
  • Marketing
    By sharing your interests and behavior as you visit our site, you increase the chance of seeing personalized content and offers.
Save Refuse all Accept all
GDPR Cookie Policy