In what one security expert called an unsophisticated hack, hackers stole phone numbers, email addresses and names of 57 million Uber users, as well as 600,000 driver’s license numbers of Uber drivers.
Uber uses a service called GitHub to store code and track projects. Hackers got into Uber’s GitHub account and found a username and password that gave them access to user data, which is stored on an Amazon server. It was likely an accident that the login credentials were stored in GitHub.
The legal issue
- New York and Massachusetts have opened an investigation into the breach.
- U.S. Sen. Richard Blumenthal (D-Conn.) called on the Federal Trade Commission to punish Uber.
When a company is hacked and personal information is compromised, the company is supposed to report the breach to users, regulators and authorities.
What they’re not supposed to do is pay the hackers to destroy the data and pretend the whole thing never happened, which is what Uber did.
All but two states have security breach notification laws that require companies to disclose hacks of private information.
From bad to worse for Uber
This issue just adds to a growing list of controversies Uber has been involved in recently.
Uber paid the FTC $20 million in January in a settlement over charges of misleading drivers about how much money they could make.
Uber settled with the FTC over allegations that it made “deceptive privacy and security claims” after a hacker accessed data on 100,000 drivers in August.