from the punishment-should-fit-the-crime dept.
Uber Paid Hackers to Keep Massive Cyberattack Quiet
Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.
Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver's license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.
"None of this should have happened, and I will not make excuses for it." - Dara Khosrowshahi
At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.
See also: https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data submitted by LoRdTAW.
Is it just me, or does Uber dig itself deeper each time?
Related Stories
SoftBank learned of a data breach at Uber while it was attempting to invest in the company:
Uber Technologies Inc said on Thursday that it discussed a massive data breach with potential investor SoftBank Group Corp ahead of going public with details of the incident on Tuesday.
The ride-hailing service is trying to complete a deal in which the Japanese company would invest as much as $10 billion (£7.52 billion) for at least 14 percent of Uber, mostly by buying out existing shareholders.
"We informed SoftBank that we were investigating a data breach, consistent with our duty to disclose to a potential investor, even though our information at the time was preliminary and incomplete," Uber said in a statement.
"We also made clear that our forensic investigation was ongoing," Uber said. "Once our internal inquiry concluded and we had a more complete understanding of the facts, we disclosed to regulators and our customers in a very public way."
Maybe they should wait for the stock to collapse first.
Also at Bloomberg.
Previously: SoftBank to Invest Billions in Uber
(Score: 5, Insightful) by Anonymous Coward on Wednesday November 22 2017, @04:38PM (6 children)
There's no way to trust them to "delete" the data and not resell it. If you pay them the ransom and they don't follow through, you can't do anything about it.
The only possible way I can see it working is promising to pay a monthly "hush" fee over several years, and stop paying if leaks or misuse of the data is discovered.
(Score: 2) by JNCF on Wednesday November 22 2017, @05:03PM (5 children)
If it was a group with an established reputation I could see it being probabilistically believable.
(Score: 4, Insightful) by stretch611 on Wednesday November 22 2017, @05:30PM (4 children)
If it was hackers with an established reputation, they probably would have asked for more than just $100k
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 2, Touché) by Anonymous Coward on Wednesday November 22 2017, @11:18PM (3 children)
If it was hackers with an established reputation they would have government jobs.
(Score: 1, Funny) by Anonymous Coward on Wednesday November 22 2017, @11:27PM (2 children)
Not all criminal hackers are that unethical.
(Score: 2, Insightful) by anubi on Thursday November 23 2017, @10:46AM (1 child)
Quite a bargain for $100K. Look how much it would have cost them to retain a good competent software engineer.
We've all known for quite some time that hiring a lawyer to write an escape clause is a helluva lot cheaper than fixing the problem.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 1, Interesting) by Anonymous Coward on Thursday November 23 2017, @12:50PM
As said before, that's but the down payment of this transaction.
(Score: 0) by Anonymous Coward on Wednesday November 22 2017, @04:43PM
Next big thing?
Go get the domain nuber.com (Not uber.com)
Start something interesting/fun there.
Repeat for other's (Nexxon)
(Score: 4, Insightful) by takyon on Wednesday November 22 2017, @05:11PM
Sure, it's a bad thing for them to incentivize this kind of blackmail, but maybe it would have been worse for Uber if this had gotten out. Although what assurance do they have that this info won't be sold or leaked?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 5, Informative) by Azuma Hazuki on Wednesday November 22 2017, @05:36PM (13 children)
So what's the problem? This sounds like a Free Market Solution (TM) to me, just like all the foaming gibbertarian morons on this site clamor for. Why is this a bad thing, O Sultans of Laissez-Faire?
I am "that girl" your mother warned you about...
(Score: 1, Troll) by NewNic on Wednesday November 22 2017, @06:11PM (10 children)
It is my belief that the origin story of this site is a lie.
The real reason that this site exists is that /. isn't right-wing enough for the founders here.
lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
(Score: 0) by Anonymous Coward on Wednesday November 22 2017, @06:35PM
yawn
(Score: 3, Insightful) by Azuma Hazuki on Wednesday November 22 2017, @08:52PM (1 child)
Yeah, I've been thinking something similar for a while now. Between Uzzard's self-fellating laissez-faire fuck you got mine attitude (doesn't that HURT with a beak?!), Runaway's increasingly unhinged Unabomber-sounding rants, Bradley13's article basically saying "some races are stupid because genes (but don't mention Ashkenazi Jews are the smartest!) being accepted, and J-Mo's outright sociopathy on constant full blast, I'm beginning to wonder just what kind of goose-stepping skeletons live in this staff's server closet.
I am "that girl" your mother warned you about...
(Score: 4, Interesting) by NewNic on Wednesday November 22 2017, @09:35PM
Also, there is khallow's "I'm just going to ignore well-sourced facts, if they don't accord with my world view" approach, as seen in this thread:
https://soylentnews.org/comments.pl?sid=22670&cid=599794 [soylentnews.org]
If Soylentnews had more traffic I would think that he is a paid troll.
lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
(Score: 4, Insightful) by Runaway1956 on Wednesday November 22 2017, @10:36PM (6 children)
You should actually get to know the staff. Visit IRC and talk freely. You'll quickly learn that your assumption is wrong. Yeah, Buzzard is pretty far right - but not nearly as far right as some accuse him of being. The rest? Join IRC. There are no fascists, no neonazis, none of that crap. If you want ultra-left-wing tech crap, you should head over to Google labs or something.
(Score: 2, Informative) by Anonymous Coward on Wednesday November 22 2017, @11:21PM
Not in IRC, but we have posters who fit those bills.
(Score: 3, Touché) by Azuma Hazuki on Thursday November 23 2017, @05:03AM (4 children)
The very fact that you think Google is composed of ultra-leftists kinda makes my point for me. Go back to bed, grandpa.
I am "that girl" your mother warned you about...
(Score: 2, Touché) by Runaway1956 on Thursday November 23 2017, @09:46AM (3 children)
Does Google, or does Google not, push women as hard as they can into tech? It doesn't matter what the women want - Google is going to PUSH them into tech. Google is far enough left that they have no respect for women, instead, pushing their own agenda down women's throats. Of course, since you're a techie, and you're female, and since you're the smartest woman who ever lived on earth - you're all for that agenda. Women who don't follow your lead are all idiiots. That IS the left's view, after all. "My way or the highway!"
And, wasn't I arguing a little bit ago that there are no fascists in the staff? Here we have one telling me to go back to bed.
(Score: 2) by Azuma Hazuki on Thursday November 23 2017, @05:55PM (2 children)
My God, this is completely off. I may work for a small independent computer place, but my degree is in earth science, not any sort of programming or compsci program. Google creeps me the fuck out. And I'm not the smartest woman alive, but it's clear I'm a hell of a lot brighter than you and probably about 90-95% of the nation...which on its own means jack and squat. That and $2 will get me on the Metro, but $2 alone would too.
And sure as hell not a fascist, either. You don't know what words mean, and your use of "fascist" to mean "anyone, especially some uppity Y-chromosome-less bitch who dares to disagree with me and call me out on my stupid horseshit," cheapens the word.
Go. Back. To. Bed. Or was your mother a "fascist" too when she said that?
I am "that girl" your mother warned you about...
(Score: 1, Redundant) by Runaway1956 on Thursday November 23 2017, @11:31PM (1 child)
"You don't know what words mean"
You're probably right.
"I'm a hell of a lot brighter than you and probably about 90-95% of the nation"
Then again, maybe I'm not. You're smarter than almost anyone, so you really need to run the nation with an iron fist, to keep us from doing stupid shit.
Fascism
Fascism is a form of radical authoritarian nationalism, characterized by dictatorial power, forcible suppression of opposition and control of industry and commerce that came to prominence in early 20th-century Europe.
That reads pretty much like today's "left" in America. Weren't we talking about Google's authority to force women into STEM, whether or not women want to be in STEM?
Oh. Maybe you really are all that smart. Maybe you ranked in the 98th percentile on all your tests all through school. Maybe you aced the ASVAB and every other test you ever took. You weren't in the military, I take it, so you didn't blow the military's tests away. But - how many people on this forum can honestly say the same? Smarter than 90-95% of the nation? Sorry, sweety - you're not smarter than I am. But, if you need to believe that you are, just forget that you've read this. Here. Have another cookie. Don't let all that crazy shit cook your noodle. The old man is just talking shit, after all. Right?
(Score: 2, Informative) by Azuma Hazuki on Friday November 24 2017, @05:05AM
Let's edit that a bit: smarter than you *and* less of a whinging, panicky, solipsistic child in an adult's body. Piss off and die, you whiny manchild.
I am "that girl" your mother warned you about...
(Score: 2) by DeathMonkey on Wednesday November 22 2017, @07:27PM (1 child)
So what's the problem?
That we found out...
Clearly the solution is for Uber to be able to pay for a REALLLLYYY slow lane for this news once the FCC repeals net neutrality. Problem solved!
(Score: 4, Funny) by bob_super on Wednesday November 22 2017, @08:06PM
It would match their corporate SOP, for Uber to offer Vivid Entertainment subscriptions to anyone affected.
"Can't fix it, how do you make them not think about it, bros?"