For any business, suffering a data breach is bad. But, not informing its customers about the breach is downright worse. And Uber, a global transportation app company, has made itself into a glaring example of the above statement.
Last Tuesday (21.11.2017), Uber Technologies revealed that hackers were able to compromise personal data of 57 million Uber accounts (riders and drivers) in a hack that took place back in October 2016. Even worse, the company paid the hackers $100,000 to delete the data and hush up the breach. In short, Uber users did not know until Tuesday that they might have been affected by the breach.
So, if you are a Uber rider or a driver or have used its services in the past, you should know about these 5 important things about the Uber data breach.
#1. What was stolen in the data breach?
The data breach affected 57 million accounts. Stolen data included:
- Email addresses
- Phone numbers
- Driver license information of about 600,000 drivers
#2. How did the breach happen?
The data that was stolen in the hack was stored on an external server of Amazon Web Services. And this data was illegally accessed by the attackers behind this breach. How? They used the login credentials of Uber employees, stolen from an account on GitHub, the software development platform.
#3. Who all are affected by the Uber data breach?
This is where it gets even worse. Uber hasn’t revealed the locations of the affected Uber accounts. However, it has confirmed that UK users are among them. The company hasn’t yet revealed any numbers though.
#4. Should Uber users be worried?
There is no reason why they shouldn’t. The data that was stolen in the breach is just the fodder cybercriminals need for crafting fully blown spam campaigns or engineering identity theft. In fact, according to a recent Tweet by renowned web security expert, Troy Hunt, phishing attacks leveraging the Uber data hack have already started.
Less than 24 hours after the Uber Hack news broke, the phishing attacks started: https://t.co/SDaQJk3c7s
— Troy Hunt (@troyhunt) November 23, 2017
#5. What can Uber users do then?
Although Uber has not fully revealed who were particularly affected in the data breach and where, it won’t be unwise to assume that you are among the affected ones. So, here are some things that you can do:
- Change your Uber login password. Create a strong, unique password that has uppercase and lowercase letters, numbers, and special characters.
- If you have added your credit/debit card to your Uber app, it’s not a bad idea to delete this information.
- Check your credit/debit card statements for any unknown transactions. Inform your bank if you find any.
- Most importantly, be careful of any emails or messages that look like they have been sent by Uber. As mentioned, phishing attacks have already begun where fake emails are asking users to click on a link to change their passwords.
Reactions on social media
For obvious reasons, people have expressed their rants after the news of the Uber data breach was out.
— World Insanity (@ShePersisted6) November 22, 2017
57 million customers and 600,000 drivers had their data compromised in Uber hack. But they paid the hackers $100,000 to delete the data and keep the breach quiet so I’m sure it’s all going to be ok.
— Sheera Frenkel (@sheeraf) November 21, 2017
Time to cancel those Uber account credit cards people… https://t.co/tduzhRUIV3
— Michelle Rodriguez (@MRodOfficial) November 21, 2017
As of now, Uber is facing scrutiny by governments around the world including US, UK, Australia, and Philippines.
We will be updating this post when we come across fresh developments about the Uber data breach.