What was the Uber data hack, what personal details were at risk and did Uber pay to cover up the cyber attack?

A SECRET data hack affecting 57 million Uber customers and drivers has been exposed.

Company bosses have now admitted covering up the breach – but what exactly happened?

What was the Uber data hack?

In October 2016, Uber suffered a huge data hack that affected 57 million customers and drivers.

Two hackers managed to access personal information they stole from a “third-party cloud-based service”.

New Uber boss Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August, confirmed two employees responsible for its response to the hack had been fired.

He said the incident, which he had only recently learned of, did not breach our corporate systems or infrastructure.

Khosrowshahi added: “None of this should have happened, and I will not make excuses for it.

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.

“We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

The hack is another controversy for Uber on top of sexual harassment allegations, a lawsuit alleging trade secrets theft and multiple federal criminal probes that culminated in Kalanick’s ouster in June.

What personal details were at risk?

A total of 57 million names, email addresses and mobile phone numbers of the app’s users around the world were downloaded by hackers.

They also managed to download the names and driver’s licence numbers of around 600,000 drivers in the US.

Uber has  for users who have been affected.

Khosrowshahi said Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring.
The New York attorney general has opened an investigation.

What did Uber pay to cover up the cyber attack?

Uber paid the hackers £75,000 to delete the data and keep quiet about the cyber attack, Bloomberg reported.

Uber said it had fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, this week because of their role in the handling of the incident. Sullivan, formerly the top security official at Facebook Inc and a federal prosecutor, served as both security chief and deputy general counsel for Uber.

Uber said on Tuesday it was obliged to report the theft of the drivers’ license information and had failed to do so.

Khosrowshahi said on Tuesday he had hired Matt Olsen, former general counsel of the U.S. National Security Agency, to restructure the company’s security teams and processes. The company also hired Mandiant, a cybersecurity firm owned by FireEye Inc, to investigate the breach.