Uber Paid Hackers $100,000 to Hide Cyber Attack


By Leo S. Verified by Sander D. Last updated: July 19, 2024

Despite how useful and revolutionary Uber may have been to the world of taxis, the company turned out to have a rotten core under its shiny shell. Not only was Uber already involved in other privacy-related blunders, but recent news also revealed that the world’s leading taxi app paid hackers $100,000 to hide a cyber attack that took place in October 2016. To make things even worse, Uber also tracked down the two hackers, forcing them to sign nondisclosure agreements and to delete all the compromised data. This alone is a serious violation of the Federal Trade Commission (FTC) law that forbids companies from destroying forensic evidence during an investigation. Additionally, the case has led to some changes in Uber’s leadership, including the sacking of the CEO and the chief security officer (CSO).

And if that’s not enough, according to Bloomberg’s report, the San Francisco-based company also has other open cases in the U.S. for “possible bribes, illicit software, questionable pricing schemes and theft of a competitor’s intellectual property”.

Being driven to dark alleys

Focusing on the case involving the cyber attacks, 50 million real names, email addresses and phone numbers were stolen by hackers, alongside seven million drivers’ IDs and license numbers – 600,000 of which were in the U.S. alone. Given such a shocking number, it’s a miracle that Social Security numbers, credit card information or details about trip locations were not taken – at least according to Uber.

However, the severity of the hacking is more than enough to make even the most loyal of customers raise an eyebrow, especially considering how poorly the company handles clients’ privacy. In fact, this is not the first case where customer data has been compromised: in 2014 there was a major hack resulting in the exposure of around 50,000 American drivers’ data – and Uber got off with a $20,000 fine, which was clearly not enough to turn on the little red light on the company’s board. And who doesn’t remember the God View case – which also occurred in 2014 – when certain journalists and celebrities were tracked by Uber’s executives without their knowledge?


The most recent hack was conducted by exploiting a weak point in the company’s GitHub, a software development platform Uber’s software engineers rely on, resulting in the immediate exposure of login credentials needed to access their Amazon Web Services account. From there it was child’s play for the hackers to gather the necessary info to ask Uber for a ransom. Up to that point the hacking seemed to be another case of a careless company being attacked by extremely lucky wrongdoers. But there was an unexpected – and downright shameful – turn of events: Uber’s executives tried to cover up the ransom as a payment made to ethical hackers who were hired to invade the company’s servers for testing purposes – a reward known as a bug bounty.

Travis Kalanick, the then-CEO of Uber, knew about the hack one month after it happened but decided not to report it to the authorities and especially not to the app’s clientele. Despite the cover-up, he was forced to resign as CEO in June 2017; however, regardless of the gravity of this scandal he still remained on the company’s board – and has remained there to this day. That doesn’t mean there were no consequences, though: Joe Sullivan, former top security official at Facebook and renowned federal prosecutor, was fired from his position of CSO when the case became public in November 2017.

Cleaning up Uber's mess

Since Kalanick’s departure, Dara Khosrowshahi has been Uber’s new chief executive – but even he wasn’t aware of this case until it became public. This forced him to issue a statement, saying that the company will be “changing the way [it does] business” and that they will learn from mistakes to “put integrity at the core of every decision [and] earn the trust of customers” once again. In plain English, he is the one designated by the board to clean up the mess and save the $70 billion taxi ride business. Matt Olsen, former general counsel at the NSA and director of the National Counterterrorism Center, was also hired for PR purposes, while cyber security firm Mandiant became responsible for the investigation of the breach.

Another practical measure to be taken is providing the exposed drivers with credit monitoring and free protection for identity theft. This may not seem like much, but proper protection is vital to avoid situations similar to the ones that occurred right after the 2014 hacker attack, when criminals applied for credit using one of the compromised drivers’ names or when a driver saw his IRS tax refund denied due to a fraudulent return filed in his name.

The future seems to hold some serious changes for Uber, but only time will tell whether the company’s credibility will be further affected in a positive or a negative way.

