Uber has admitted to covering up data theft of 57 million customers and drivers in 2016. The taxi company, which uncovered this data theft in 2017 at the instigation of its new CEO, admitted it as part of an agreement with prosecutors. adopted on Friday, July 22, 2022. In exchange for his admission of guilt, no prosecution will take place, Reuters reported.
This data theft included the names, email addresses, phone numbers and driver’s license numbers of 50 million customers and 7 million Uber drivers worldwide. The criminals were able to obtain this data due to the negligence of the Uber developers: they gained access to a private GitHub account used by the company’s engineers, with which they were able to recover the credentials that gave them access to the web services of the Amazon account containing the stolen information.
Instead of making this data theft public and informing those affected, Uber tried to cover it up. Former security chief Joseph Sullivan, now accused of covering up a massive data theft, paid the hackers $100,000 through the Uber Bug Bounty program and forced them to sign a confidentiality agreement to keep them from talking about their hack. Today, Uber admits that its teams did not report the November 2016 data breach to the Federal Trade Commission (FTC), as they should have. The VTC business is also involved in lawsuits against Joseph Sullivan.
But this agreement was made possible mainly due to the speed with which the new management of Uber released this information after the appointment of Dara Khosrowshahi as CEO. In September 2018, Uber paid $148 million to settle claims from the 50 U.S. states and Washington, D.C. that the company was too slow to disclose information about the hack.