Just when we thought Uber was flying under the radar, the huge ridesharing company has revealed that a massive data breach affected millions of drivers and riders late last year – and they’ve been hiding it since November 2016.
Earlier today, Uber’s CEO Dara Khosrowshahi released an “honest and transparent” statement revealing that there had been a major hack at the end of 2016 that exposed names and driver license numbers of hundreds of thousands of drivers in the United States, and names, email addresses, phone numbers, and more of a whopping 57 million Uber users around the world.
Khosrowshahi said that he “recently” learned this information himself.
“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” said Khosrowshahi. “The incident did not breach our corporate systems or infrastructure.”
However, Uber has also stated that they learned of the incident in November 2016, when they “took steps to contain and prevent harm” but they “did not let drivers know” which they think was “wrong”.
Khosrowshahi confirmed that there was no “indication” that users’ trip location history, credit card numbers, bank account numbers, SIN numbers, or dates of birth were downloaded.
However, the hackers were able to download files with a “significant amount of other information.”
As states above, that does include the names and drivers license numbers of 600,000 United States drivers, and a total of 57 million users’ information on names, email addresses, and phone numbers worldwide.
“When this happened, we took immediate steps to secure the data, shut down further unauthorized access, and strengthen our data security,” says Uber’s “Help” page.
“We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed,” said Khosrowshahi. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”
In terms of next steps now that this information is public, Uber says that no individual user needs to take immediate action.
“We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection.”
However, Uber is advising that users keep watch over their credit and accounts, including their Uber account “for any issues.”
You can find Khosrowshahi’s full statement here.