Uber Paid Hackers to Delete Stolen Data on 57 Million People
Following a 2016 hack including names, emails, adresses, and phone numbers of 57 millions Uber users and drivers, the company has paid 100,000 USD to hackers hoping that the data collected would be deleted. This decision was in line with Uber's strategy to try to keep the breach quiet while limiting potential abuses. The company said that they believe the data had not been used without being able to provide any proof. The hack itself was conducted through a GitHub private repositories that the attackers gained access to, obtaining credentials allowing them to access data stored on an Amazon Web Services account.
The french data protection organisation CNIL later fined Uber 400,00 EUR, claiming the Uber's reaction had been innapropriate as it tried to hide the information from its users.
https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
Writer: Eric Newcomer
Publication: Bloomberg