Skip to main content
  1. Home
  2. Phones
  3. Business
  4. Cars
  5. Mobile
  6. News

Inside the hack Uber didn’t want 57 million users to know about

The man responsible for the Uber hack is reportedly a 20-year-old Floridian

Add as a preferred source on Google

Another day, another massive data breach. This time around, Uber was the target, but unlike other hacks, it took the company more than a year to disclose the hack to its customers.

More information is now coming to light about the attack, and Reuters reports that the culprit was a 20-year-old Florida man. As previously reported, this individual was then paid to destroying the evidence of the attack by way of a bug bounty program. While bug bounties are generally paid to folks who discover small vulnerabilities in a company’s code, this was clearly something much larger and more insidious.

Recommended Videos

A HackerOne executive noted that the alleged $100,000 payment could be an “all-time record.” Other security experts noted that paying a hacker who had committed a crime by stealing data would be highly unusual, particularly for a bug bounty program where computer scientists are typically paid somewhere between $5,000 and $10,000.

According to a blog post from Uber, hackers managed to steal the personal data of a whopping 57 million Uber users in a data breach. Among those compromised, according to a Bloomberg report, were 7 million drivers, of which around 600,000 had their drivers license numbers stolen. Uber says that the information did not include things like Social Security numbers or credit cards.

Uber didn’t keep the hack under wraps because it didn’t know about it, however. The Bloomberg report notes that former Uber CEO and co-founder Travis Kalanick was alerted to the breach in November 2016, only a month after the hack took place. An additional report from The Wall Street Journal further revealed that Uber’s new CEO Dara Khosrowshahi was alerted to the breach in early September, two weeks after he officially stepped in as the head of the company. Once he learned of the hack, he is said to have “immediately ordered an investigation, which he wanted to complete before making the matter public.”

At the time of the hack, Uber was already negotiating with investigators for separate privacy violation claims — and it still failed to report the hack.

“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” said Khosrowshahi, who took over in September, in the blog post. “We are changing the way we do business.”

Despite concealing the hack for a year, it does seem as though Uber is telling the truth in saying that it’s “changing the way it does business.” Bloomberg reports that the company ousted Joe Sullivan, its chief security officer, and one of Sullivan’s deputies for their roles in covering up the data breach, which is at least a first step in changing its ways. The Uber blog mentioned that “two of the individuals that led the response to this incident are no longer with the company.”

This is not the first massive data breach of the year. Earlier in 2017, credit reporting agency Equifax was breached, potentially putting at risk the information of a whopping 143 million U.S. residents. The hack itself took place sometime between May and July, but was disclosed in September.

Update: The Uber hacker is reportedly a 20-year-old Florida man. 

Lulu Chang
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
OnePlus is gone, and Android phones just became more boring in the US
OnePlus 13 vs OnePlus 11.

I wasn't expecting a smartphone brand's exit to hit me this hard, but OnePlus leaving the US and Europe genuinely did. The company has already confirmed that it will no longer launch new products in either market, although existing customers will continue receiving software updates and after-sales support. So while OnePlus isn’t disappearing altogether, it is walking away from two of the biggest smartphone markets in the world.

To be honest, the Android market in the US already feels limited. If you’re shopping for a flagship, your realistic choices almost always begin with Samsung and end with Google. OnePlus was one of the very few brands sitting in between, offering something that didn’t quite look or feel like everything else. And that’s exactly what I’m going to miss.

Read more
A niche iPhone browser quietly fixes my biggest problem with Google Search
Quiche Browser open on iPhone

If there's a new browser, email app, or note-taking app to try, chances are I've already installed it. Like every other productivity nerd, I'm always chasing the perfect setup. That's how I stumbled upon Quiche Browser. It was already close to replacing the Arc Search for me on the iPhone, but its latest update finally pushed it over the edge, earning it a spot as my default browser.

What makes Quiche so good

Read more
Google has to play fair with AI rivals on Android, and that could be good news for your wallet
A new ruling strips Gemini of its exclusive access to deep Android integration, opening the door for cheaper AI models to offer similar functionality for less.
A person using Google Gemini on the Google Pixel 9a.

After forcing Google to open up Android to third-party app stores, the EU is back with a new target, and this time it's Gemini's home-field advantage. The European Commission ordered Google on July 16 to give rival AI apps the same deep access to Android that's currently exclusive to Gemini. The order falls under the EU's Digital Markets Act (DMA), and it directs Google to stop treating its own assistant as a first-class citizen on a platform it controls.

What Google now has to hand over

Read more