Uber tried to conceal massive global data breach

      Comments Off on Uber tried to conceal massive global data breach

Two balloons branded with Uber logoMost parents believe that rewarding bad behaviour is a recipe for disaster. The same principle surely applies to hackers, as best practice states that – generally – demands for ransom should not be met. Uber seems to have ignored this and, as recent revelations have shown, has gone ahead and paid a neat $100k to a group of hackers who breached their security last year.

A whopping 57m global user accounts were breached in 2016, along with the personal details of over half a million of its drivers in the US. Instead of coming clean, the embattled ride-hailing business tried to buy off the hackers with $100k.

Uber has form in this area. It solemnly promised to disclose any new data breaches to the authorities after failing to do so in 2014 – taking a $20,000 hit from the New York attorney general. Each US state has its own regulations connected with when data breaches should be disclosed, but a breach of this scale is more than large enough to qualify across the board. UK users are expected to also be affected by this breach.

As a general rule, it is considered worst practice to pay hackers’ ransom demands; as it only encourages them and, as likely as not, they won’t give back the stolen data anyway. Uber has stated that the payment of (again) $100k ensured that the hackers deleted all trace of the stolen data… in the absence of any proof of this, we can only roll our eyes and respond with a half-hearted ‘Yeah, sure’.

Read more at https://threatpost.com/uber-reveals-breach-of-57-million-users-admits-to-covering-up-incident/128969/