ICT Security-Sécurité PC et Internet

Bloomberg reports on what seems to be a security scandal at Uber.

The ride-sharing firm concealed the theft of personal information related to 57 million customers and drivers, and rather than inform the concerned parties "paid hackers $100,000 to delete the data and keep the breach quiet."

The hack which Uber says is said to have happened in October 2016, and included the names, email addresses and phone numbers of 50 million Uber customers across the globe.

Bloomberg has the skinny on how the hack occurred, and it doesn't portray Uber in a good light, being the latest example of careless developers leaving internal login passwords lying around online:

Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

Joe Sullivan, Uber's chief security officer (and at one time the main security honcho at Facebook), spearheaded the company's response to the breach alongside one other employee. Both are said to have left their positions at Uber this week.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Uber concealed a massive data breach for more than a year, according to a report by Bloomberg.

Hackers stole names, email addresses, and phone numbers of 57 million Uber riders around the world in a breach dating back to October 2016. Data on more than 7 million drivers was also stolen, including over 600,000 drivers' license records.

Trip records, location data, and social security numbers were not stolen in the breach, the company said.

But instead of alerting users of the breach, the company paid the hackers $100,000 to delete the data and to keep details of the breach quiet.

The company confirmed the breach, in a lengthy statement posted on Tuesday.

"As Uber's CEO, it's my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of," said Dara Khosrowshahi. "For that to happen, we have to be honest and transparent as we work to repair our past mistakes."

According to Bloomberg, two hackers broke into a private GitHub repo used by Uber software engineers, and were able to gain access to an Amazon Web Services account that handled and controlled tasks by the ride-sharing service. The hackers found a trove of rider and driver data, downloaded it, and reportedly emailed the company demanding money.

Uber has said, however, that individual riders do not need to take "any action," following the announcement.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Uber sind bereits vor gut einem Jahr Daten von rund 50 Millionen Fahrgästen gestohlen worden. Der Fahrdienst-Vermittler informierte die Öffentlichkeit aber erst am Dienstag über den Vorfall.

Es gehe um Namen, E-Mail-Adressen und Telefonnummern von Nutzern rund um die Welt, erklärte Uber dem Finanzdienst Bloomberg. Außerdem hätten sich die Angreifer auch Zugriff auf Daten von etwa sieben Millionen Uber-Fahrern verschafft.

Es seien aber keine Kreditkarten-Daten oder Informationen zu Fahrten gestohlen worden, betonte die Firma.

Uber räumte nun ein, dass über die Attacke weder Behörden noch Betroffene informiert worden seien. Stattdessen seien den Hackern 100.000 Dollar (rund 85.000 Euro) bezahlt worden, damit sie die gestohlenen Daten vernichten.

„Nichts davon hätte passieren dürfen“

Uber gehe davon aus, dass die Informationen nicht verwendet worden seien, hieß es. Die Hacker seien durch eine schlecht geschützte Datenbank an die Daten gekommen. Der Uber-Sicherheitschef Joe Sullivan wurde diese Woche entlassen, wie Uber weiter mitteilte.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Uber concealed a hack that affected 57 million customers and drivers, the company has confirmed.

The 2016 breach was hidden by the ride-sharing firm which paid hackers $100,000 (£75,000) to delete the data.
The company's former chief executive Travis Kalanick knew about the breach over a year ago, according to Bloomberg, which first broke the news.

The hackers found 57 million names, email addresses and mobile phone numbers, Uber said.
Within that number, 600,000 drivers had their names and license details exposed. A resource page for those affected has been set up.

Drivers have been offered free credit monitoring protection, but per Uber's statement, affected customers will not be given the same.
"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection," Uber's chief executive Dara Khosrowshahi said.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber