A massive Uber hack took place in October 2016, compromising the data of 57 million accounts. Why are we just hearing about it now?
Last Tuesday, ride-hailing firm Uber revealed that they had concealed a major security breach for more than a year, Bloomberg reports. In October 2016, a cyber attack compromised the names, email addresses, and phone numbers of 50 million Uber riders and 7 million drivers—including 600,000 US driver’s license numbers.
Instead of reporting the hack to regulators, riders, and drivers, Uber paid the hackers $100,000 to delete the data. Uber CEO Dara Khosrowshahi (who took over the leadership in September) wrote in an email:
“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
As a result of the hack and te cover-up, chief security officer Joe Sullivan and another executive were fired. Uber’s co-founder and former CEO Travis Kalanick learnt of the hack in November 2016. As of this writing, he has not commented on the hack.
Because Uber hasn't let individual users know whether or not they were affected by the hack, Forbes recommends that it's best to play it safe and assume that you were affected by the Uber hack.
What should you do? As with any possible security breach, the first thing you should do is change your passwords into something completely new—not something you've used on other sites.
Then, you should check your accounts and credit card bills for any suspicious activity. Though Uber says that their investigations have found no indication that credit card numbers and bank account numbers were downloaded, erring on the side of caution can't hurt.