Uber disclosed information about two hackers that were involved in its 2016 security breach, in February 2018.
The company revealed that two people who hacked the company’s data were present in Canada and Florida at the time, as confirmed by U.S. congressional committee in February 2018. Uber experienced compromised data of around 25 million people due to the breach live in the U.S.
Out of the compromised information, 4.1 million were drivers, while the company revealed the breach of 57 million worldwide users in November 2017, almost a year after the incident occurred.
In December 2017, the Reuters reported that Uber had paid a 20-year-old man, to carry out the breach and destroy the data through a bug bounty program, which is designed to reward researchers for uncovering security vulnerabilities.
Uber’s security team contacted both the people involved and received assurances the pilfered data had been destroyed before paying them US$ 100,000, Flynn said.
Flynn said that Uber made mistakes, including paying the hackers through its bug bounty program and said “We made a misstep in not reporting to consumers, and we made a misstep in not reporting to law enforcement.”
“The fact that the company took approximately a year to notify impacted users raises red flags within this committee as to what systemic issues prevented such time-sensitive information from being made available to those left vulnerable,” a Republican named Jerry Moran, said.
The data compromised included names, phone numbers, and email addresses of the users, however, social security numbers or credit card information its users was not leaked. Driving license of 600,000 drivers were also compromised due to the security hack.