On Tuesday, November 21, 2017, Uber disclosed that hackers stole 7 million driver accounts and 50 million rider accounts back in October 2016. The compromised information included names, email addresses, and phone numbers from around the world, as well as 600,000 U.S. driver’s license numbers.
Uber paid a $100,000 ransom for the hackers to delete the stolen information and tracked them down to sign nondisclosure agreements. To further hide the damage, Uber executives made it appear that the payout had been part of a “bug bounty” – a common practice among technology companies in which they pay hackers to attack their software to test for soft spots.
How did the Uber breach happen?
Two attackers accessed a private coding site used by Uber software engineers, using login credential they obtained there to access the data stored on an Amazon Web Services account that handles computing tasks for the company. The data contained an archive of rider and driver information, which was obtained by the hackers.
Is this the first data breach Uber experienced?
No, the company experienced a breach in May 2014 that compromised the names and driver’s licenses of more than 50,000 of the company’s drivers. Uber discovered the breach later that year and disclosed it in February 2015.
How do I know if I’ve been affected by the Uber breach?
Uber has instead that it has “seen no evidence of fraud or misuse tied to the incident.” They have not provided any way for consumers to know if their information was among the stolen data.
What should I do?
If you believe you’ve been affected by the Uber data breach, we are here to help. You can call our office at 303-861-8800 or fill out the form below.