We learned the 21st November that Uber has been hacked and more than 57 million users were stolen all around the world. The most surprising is the date of the attack which date back to last year, in the end of 2016.
The first question concerns obviously the contents of the stolen data. On this matter, it seems that the hackers had access only to names, e-mail addresses and telephone numbers of those concerned. Furthermore, among the 57 million affected people, about 600 000 american drivers had their driver’s licence number stolen. Uber’s CEO, Dara Khosrowshahi, assures that any other sensitive information as banking information, date of birth, number of Social Security were compromised.
According to Bloomberg information, the media which relieved in the first one the news, hackers had access to GitHub server, where Uber stored lots of data.
We also wonder the use the hackers of the stolen data had. Since October 2016, date of the attack, did the data were exploited, sold, destroyed? The CEO answers that it is the last possibility, certainly in a purpose to reassure public opinion. On that subject, Bloomberg said Uber paid a ransom to the hackers from almost 100 000 dollars in attempts to destroy the data and keep things close to the chest.
The commentators castigate the communication. They think Uber took the worst decision when they decided to keep silent and to pay a ransom to the hackers. It is understandable by the fact they were then in discuss with the Federal Trade Commission regarding their data management. It would have been bad form to announce attack of such magnitude. Nevertheless, keep quiet about it have a severely damage on their image, and above all, encourage the pirates to take their chance.