Thousands of Australians affected by Uber hack cover-up

Hundreds of thousands of Australian Uber riders and thousands of local Uber drivers have been caught up in the breach that the ride-sharing company concealed for more than a year.

It comes as The New York Times reported on Wednesday afternoon that not only did Uber conceal the breach, but it paid the hackers off to keep them quiet and disguised the payment as a reward.

Uber comes clean on hack

Uber failed to disclose a massive breach last year that exposed the data of some 57 million users of the ride-sharing service, the company's new chief executive officer says.

"The company tracked down the hackers and pushed them to sign non-disclosure agreements, according to the people familiar with the matter," the Times reported.

"To further conceal the damage, Uber executives also made it appear as if the payout had been part of a 'bug bounty' — a common practice among technology companies in which they pay hackers to attack their software to test for soft spots," it added.

The personal information of 57 million Uber riders around the world — including their names, email addresses and mobile phone numbers — was stolen as part of the breach.

Furthermore, the personal information of about 7 million drivers was accessed, including about 600,000 US driver's licence numbers, according to Bloomberg.

Uber's count of 57 million users being breached covers a significant amount of its total user base, which reached 40 million active monthly users last year, according to Wired.

It's not yet clear whether Australian uberX drivers had their driver's licences "downloaded" as part of the breach. However, Uber said no social security numbers, credit card details, trip location information or other data was taken.

Hundreds of thousands of Australians who have the Uber app installed on their smartphones are likely to be affected by the data breach. Photo: Bloomberg

Uber's Australian arm disclosed in a blog post in October 2015 that there had been over 10 million uberX rides in Australia. It further said that uberX had created "3000 jobs in Sydney", with over a thousand new driver partners being signed up every month across Australia.

Given this, it is expected that tens of thousands of Australian Uber drivers had their data exposed as part of the breach, which was uncovered in October 2016.

And hundreds of thousands of Australians — if not millions — who have the Uber app installed on their smartphones are also likely to be affected (Uber does not disclose exact driver and rider figures in Australia).

A spokesman for Uber's Australia arm told Fairfax Media that the company was "in the process of notifying various regulatory and government authorities".

"We expect to have ongoing discussions with them," the Australian spokesman said.

"Until we complete that process we aren't in a position to get into any more details."

Meanwhile, Australia's privacy commissioner, Timothy Pilgrim, said in a statement to Fairfax that his office had commenced inquiries with Uber about the breach.

"Incidents such as this are a timely reminder to Australians of the value of the personal information we provide in order to receive products and services," Mr Pilgrim said.

"It is also a timely reminder to Australian businesses and agencies of the reputational value of good privacy practice, and the reputational risks that can follow mishandling of personal data.

"I also remind organisations that the commencement of the Notifiable Data Breaches Scheme in February 2018 will require them to notify any individuals likely to be at risk of serious harm due to a data breach. Failure to do so could lead to the imposition of penalties provided for in the Privacy Act."

Companies based in Australia are not presently required by law to disclose privacy breaches. This will change in February, with fines of up to $1.7 million being levelled against those who act negligently.

Australian security expert Troy Hunt, who runs the very popular haveibeenpwned.com website — which alerts its users when their data has been breached online — said the breach didn't surprise him.

However, he said he was surprised that Uber didn't consider email addresses to be personally identifying information, adding that Uber's concealment of the breach was unlikely to be the first of its kind.

"There is a lot of stuff out there that we just haven't seen come to light," Mr Hunt said, before adding that he didn't "see how anyone in their right mind can say you can't identify someone based on their email".

Mr Hunt is due to testify before US Congress in Washington next week as an expert on cybersecurity about the impact of data breaches.

The hearing will look at the current challenges facing identity verification and the serious impact that the prevalence of data breaches is having on it.
