Inside the hack Uber didn’t want 57 million users to know about

The man responsible for the Uber hack is reportedly a 20-year-old Floridian

uber softbank investment stock
junce/123RF
Another day, another massive data breach. This time around, Uber was the target, but unlike other hacks, it took the company more than a year to disclose the hack to its customers.

More information is now coming to light about the attack, and Reuters reports that the culprit was a 20-year-old Florida man. As previously reported, this individual was then paid to destroying the evidence of the attack by way of a bug bounty program. While bug bounties are generally paid to folks who discover small vulnerabilities in a company’s code, this was clearly something much larger and more insidious.

A HackerOne executive noted that the alleged $100,000 payment could be an “all-time record.” Other security experts noted that paying a hacker who had committed a crime by stealing data would be highly unusual, particularly for a bug bounty program where computer scientists are typically paid somewhere between $5,000 and $10,000.

According to a blog post from Uber, hackers managed to steal the personal data of a whopping 57 million Uber users in a data breach. Among those compromised, according to a Bloomberg report, were 7 million drivers, of which around 600,000 had their drivers license numbers stolen. Uber says that the information did not include things like Social Security numbers or credit cards.

Uber didn’t keep the hack under wraps because it didn’t know about it, however. The Bloomberg report notes that former Uber CEO and co-founder Travis Kalanick was alerted to the breach in November 2016, only a month after the hack took place. An additional report from The Wall Street Journal further revealed that Uber’s new CEO Dara Khosrowshahi was alerted to the breach in early September, two weeks after he officially stepped in as the head of the company. Once he learned of the hack, he is said to have “immediately ordered an investigation, which he wanted to complete before making the matter public.”

At the time of the hack, Uber was already negotiating with investigators for separate privacy violation claims — and it still failed to report the hack.

“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” said Khosrowshahi, who took over in September, in the blog post. “We are changing the way we do business.”

Despite concealing the hack for a year, it does seem as though Uber is telling the truth in saying that it’s “changing the way it does business.” Bloomberg reports that the company ousted Joe Sullivan, its chief security officer, and one of Sullivan’s deputies for their roles in covering up the data breach, which is at least a first step in changing its ways. The Uber blog mentioned that “two of the individuals that led the response to this incident are no longer with the company.”

This is not the first massive data breach of the year. Earlier in 2017, credit reporting agency Equifax was breached, potentially putting at risk the information of a whopping 143 million U.S. residents. The hack itself took place sometime between May and July, but was disclosed in September.

Update: The Uber hacker is reportedly a 20-year-old Florida man. 

Computing

Latest SMS breach could allow hackers access to your online accounts

A new security breach that exposed more than 26 million text messages could be a huge nightmare for users relying on two-factor authentication. Many of the SMS on the database contained security codes and account reset links.
Cars

Uber rolls out rewards program that lets its most loyal riders lock in prices

Uber launched a new loyalty program today called Uber Rewards. It offers frequent riders credits to Uber Eats, car upgrades, and the ability to lock in prices on their most traveled routes.
Gaming

These are the best Xbox One games available right now

More than four years into its life span, Microsoft's latest console is finally coming into its own. From 'Cuphead' to 'Halo 5,' the best Xbox One games offer something for everyone.
Gaming

Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

Security researcher Artem Moskowsky discovered a Steam bug that allowed him to generate infinite free keys for any game. Instead of abusing the exploit, Moskowsky reported it to Valve, which gave him a $20,000 reward.
Social Media

Addicted to Instagram? Its new ‘activity dashboard’ is here to help

Ever get that nagging feeling you're spending too much time on Instagram? Well, a new "activity dashboard" has a bunch of features designed to help you better control how you use the addictive photo-sharing app.
Mobile

Best iPhone 7 Plus screen protectors to shield your big, beautiful display

Cracked screens are expensive to replace. Fortunately for you, we've rounded up what's available in terms of protection for Apple's large iPhone 7 Plus. Here are the best screen protectors you can buy.
Computing

Four fake cryptocurrency apps were listed on the Google Play Store

It is a dangerous time to be going after crytocurrency on Android. Four bogus cryptocurrency apps were spotted on the Google Play Store this week, according to a report from cybersecurity researcher Lukas Stefanko. 
Mobile

New sensor from L’Oréal tracks UV exposure to keep your skin safe from the sun

L'Oréal has announced a new wearable sensor that attaches to your clothing and can track ultraviolet light. The sensor uses NFC instead of Bluetooth -- meaning it doesn't need a battery to work properly.
Gaming

15 tips for keeping your vault-dwellers alive in ‘Fallout Shelter’

The wasteland can be an unfriendly place, if you don't know what you're doing. Here are 15 tips that will help your vault thrive in Fallout Shelter, including information on questing.
Mobile

Motorola Moto G7: Here’s everything we know

The Moto G6 range is still relatively new to the market, but rumors have already started about the Moto G7, which is expected some time in 2019. Apparently, a G7 Power version will be joining the G7, G7 Play, and G7 Plus.
Mobile

T-Mobile's new Revvl 2, Revvl 2 Plus are now available for purchase

Last year, T-Mobile launched its own line of branded smartphones. As a follow-up to their predecessors, the carrier has unveiled the Revvl 2 and Revvl 2 Plus -- complete with a sleeker design. Here's everything you need to know.
Mobile

How to take great photos with the Pixel 3, the best camera phone around

You’ve scored yourself a new Google Pixel 3 or Pixel 3 XL, and you want to take advantage of that incredible camera. We’ve got everything you need to know right here about how to snap the best photos with your Pixel 3.
Wearables

Google's Wear OS update 'H' promises battery life improvements

Google has rebranded its Android Wear operating system to Wear OS. Removing the Android name may help people better understand Google-powered smartwatches, which also play nice with iOS devices. 
Smart Home

Huawei could soon take on Google and Amazon with a new digital assistant

According to a report from CNBC, Huawei is working on a new digital assistant that could try to take on the likes of Google and Amazon's Alexa. Huawei already has a digital assistant in China, but the new one will be aimed at markets…