Earlier today, it was made public the specifics that were stolen during the Uber data breach. Uber gives a more in-depth idea of the information accessed by the hackers, giving customers and drivers a stronger understanding of their vulnerability.
Some U.S. senators have been hounding Uber for more information on their security breach and what it meant for the customers who’s information was involved. Uber had hired an outside cybersecurity firm after the massive data breach, to get some more detailed information on the event. The cybersecurity firm has stated that they found no evidence of any riders’ credit card information, bank account information or social security numbers being downloaded by the two hackers. Uber has however disclosed that in some cases, the hackers had retrieved the location information from the place where people signed up for Uber, as well has some heavily encoded versions of the user passwords.
The company has stated that they have not seen any evidence of account fraud or misuse of data from the breach. As a response to the data breach concealment, there has been two employees who were fired for not “informing the appropriate parties”. The two employees were anonymously contacted by the hackers, being told they had just been breached and demanded payment. Through the tracking of the breach using private cloud data stored on Amazon’s web services, Uber was able to shut down access from the hackers.
The two employee’s agreed to pay the hackers $100,000 so that they would delete the data. Later on, the hackers real identities were identified, and they signed documents saying that all breached data was deleted, ensuring that the information could not be abused. It was disocvered that the hackers first gained access to Uber’s network on Oct. 13th, 2016 and the last use point of contact was on Nov. 15th. 2016.
It is still unclear if a criminal investigation has been started. Uber has since installed a stronger online defense to prevent the same issue from arising again.