=== Delayed disclosure of data breaches ===

On February 27, 2015, Uber admitted that it had suffered a [[data breach]] more than nine months prior. Names and license plate information from approximately 50,000 drivers were inadvertently disclosed.<ref>{{cite news | last1=Guess | first1=Megan | title=50,000 Uber driver names, license plate numbers exposed in a data breach | url=https://arstechnica.com/business/2015/02/50000-uber-driver-names-license-plate-numbers-exposed-in-a-data-breach/ | work=[[Ars Technica]] | date=February 28, 2015 | archive-date=November 25, 2016 | archive-url=https://web.archive.org/web/20161125151136/http://arstechnica.com/business/2015/02/50000-uber-driver-names-license-plate-numbers-exposed-in-a-data-breach/ | url-status=live | df=mdy-all }}</ref> Uber discovered this leak in September 2014, but waited more than five months to notify the affected individuals.<ref>{{cite news | url=https://techcrunch.com/2015/02/27/uber-database-breach-exposed-information-of-50000-drivers-company-confirms/ | title=Uber Database Breach Exposed Information Of 50,000 Drivers, Company Confirms | last=Taylor | first=Colleen | work=[[TechCrunch]] | date=February 22, 2015 | archive-date=December 30, 2017 | archive-url=https://web.archive.org/web/20171230044044/https://techcrunch.com/2015/02/27/uber-database-breach-exposed-information-of-50000-drivers-company-confirms/ | url-status=live | df=mdy-all }}</ref>

An announcement in November 2017 revealed that in 2016, a separate data breach had disclosed the personal information of 600,000 drivers and 57 million customers. This data included names, email addresses, phone numbers, and drivers' license information. Hackers used employees' usernames and passwords that had been compromised in previous breaches (a "[[credential stuffing]]" method) to gain access to a private [[GitHub]] repository used by Uber's developers.
The hackers located credentials for the company's [[Amazon Web Services]] datastore in the repository files, and were able to obtain access to the account records of users and drivers, as well as other data contained in over 100 [[Amazon S3]] buckets. Uber paid a $100,000 ransom to the hackers on the promise they would delete the stolen data.<ref>{{cite news | last=Lee | first=Dave | title=Uber concealed huge data breach | work=[[BBC News]] | url=https://www.bbc.com/news/technology-42075306 | date=November 22, 2017 | archive-date=June 25, 2018 | archive-url=https://web.archive.org/web/20180625153418/https://www.bbc.com/news/technology-42075306 | url-status=live | df=mdy-all }}</ref><ref>{{cite news | last=Farivar | first=Cyrus | title=Hackers hit Uber in 2016: data on 57 million riders, drivers stolen | url=https://arstechnica.com/tech-policy/2017/11/report-uber-paid-hackers-100000-to-keep-2016-data-breach-quiet/ | work=[[Ars Technica]] | date=November 21, 2017 | archive-date=November 22, 2017 | archive-url=https://web.archive.org/web/20171122092119/https://arstechnica.com/tech-policy/2017/11/report-uber-paid-hackers-100000-to-keep-2016-data-breach-quiet/ | url-status=live | df=mdy-all }}</ref> Uber was subsequently criticized for concealing this data breach.<ref>{{cite news | url=https://www.theguardian.com/technology/2017/nov/22/uber-scrutiny-data-breach-hacking | title=Uber faces slew of investigations in wake of 'outrageous' data hack cover-up | first=Julia Carrie | last=Wong | author-link=Julia Carrie Wong | work=[[The Guardian]] | date=November 22, 2017 | archive-date=November 22, 2017 | archive-url=https://web.archive.org/web/20171122220336/https://www.theguardian.com/technology/2017/nov/22/uber-scrutiny-data-breach-hacking | url-status=live | df=mdy-all}}</ref> Dara Khosrowshahi publicly apologized.<ref>{{cite news | title=Uber Paid Hackers to Delete Stolen Data on 57 Million People | 
url=https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data | work=[[Bloomberg News]] | date=November 21, 2017 | url-access=subscription | archive-date=November 21, 2017 | archive-url=https://web.archive.org/web/20171121220601/https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data | url-status=live | df=mdy-all }}</ref><ref>{{cite news | url=https://business.financialpost.com/pmn/business-pmn/uber-reveals-coverup-of-hack-affecting-57m-riders-drivers-2 | title=Uber reveals coverup of hack affecting 57M riders, drivers | first=Michael | last=Liedtke | agency=[[Associated Press]] | work=[[Financial Post]] | date=November 22, 2017 | archive-date=September 8, 2018 | archive-url=https://web.archive.org/web/20180908164515/https://business.financialpost.com/pmn/business-pmn/uber-reveals-coverup-of-hack-affecting-57m-riders-drivers-2 | url-status=live | df=mdy-all}}</ref>

In September 2018, in the largest multi-state settlement of a data breach, Uber paid $148 million to the [[Federal Trade Commission]], admitted that its claim that internal access to consumers' personal information was closely monitored on an ongoing basis was false, and stated that it had failed to live up to its promise to provide reasonable security for consumer data.<ref>{{Cite news | url=https://www.wsj.com/articles/uber-to-pay-148-million-penalty-to-settle-2016-data-breach-1537983127 | title=Uber to Pay $148 Million Penalty to Settle 2016 Data Breach | last=Al-Muslim | first=Aisha | work=[[The Wall Street Journal]] | date=September 26, 2018 | issn=0099-9660 | archive-date=September 27, 2018 | archive-url=https://web.archive.org/web/20180927030837/https://www.wsj.com/articles/uber-to-pay-148-million-penalty-to-settle-2016-data-breach-1537983127 | url-status=live | df=mdy-all}}</ref>

In November 2018, Uber's British divisions were fined £385,000 (reduced to £308,000) by the [[Information Commissioner's Office]].<ref>{{cite web | url=https://ico.org.uk/media/action-weve-taken/mpns/2553890/uber-monetary-penalty-notice-26-november-2018.pdf | title=Monetary Penalty Notice (Uber) | publisher=[[Information Commissioner's Office]] | date=27 November 2018 | archive-date=November 28, 2018 | archive-url=https://web.archive.org/web/20181128164802/https://ico.org.uk/media/action-weve-taken/mpns/2553890/uber-monetary-penalty-notice-26-november-2018.pdf | url-status=live | df=mdy-all }}</ref>

In 2020, the [[US Department of Justice]] announced criminal charges against former Chief Security Officer [[Joe Sullivan (Internet security expert)|Joe Sullivan]] for [[obstruction of justice]]. The criminal complaint said Joe Sullivan arranged, with Travis Kalanick's knowledge, to pay a ransom for the 2016 breach as a "bug bounty" to conceal its true nature, and for the hackers to falsify non-disclosure agreements to say they had not obtained any data.<ref>{{Cite news |url=https://www.npr.org/2020/08/20/904113981/former-uber-executive-charged-with-paying-hush-money-to-conceal-massive-breach |title=Former Uber Executive Charged With Paying 'Hush Money' To Conceal Massive Breach | first=Shannon | last=Bond | work=[[NPR]] | date=August 20, 2020}}</ref>