Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Uber Paid $100K Ransom and Hid 57-Million User Data Breach For Over a Year
Old 11-22-2017, 08:05 AM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 22,675
Uber Paid $100K Ransom and Hid 57-Million User Data Breach For Over a Year

This really blew my mind! Wow!

So - Uber pays hackers $100K to supposedly delete stolen data (right!) and not tell anyone about it. Oh yeah - and forget letting their customers, drivers, or authorities know. What kind of mentality does that company have?!?!?

They tracked down the hackers and made them sign NDAs instead of turning them over to authorities?!?!?

Quote:
On Tuesday, Uber revealed in a statement from newly installed CEO Dara Khosrowshahi that hackers stole a trover of personal data from the company's network in October 2016, including the names and driver's license information of 600,000 drivers, and worse, the names, email addresses, and phone numbers of 57 million Uber users.

As bad as that data debacle sounds, Uber's response may end up doing the most damage to the company's relationship with users, and perhaps even exposed it to criminal charges against executives, according to those who have followed the company's ongoing FTC woes. According to Bloomberg, which originally broke the news of the breach, Uber paid a $100,000 ransom to its hackers to keep the breach quiet and delete the data they'd stolen. It then failed to disclose the attack to the public—potentially violating breach disclosure laws in many of the states where its users reside—and also kept the data theft secret from the FTC.
https://www.wired.com/story/uber-pai...r-data-breach/

Also
Quote:
The two hackers stole data about the company’s riders and drivers — including phone numbers, email addresses and names — from a third-party server and then approached Uber and demanded $100,000 to delete their copy of the data, the employees said.

Uber acquiesced to the demands, and then went further. The company tracked down the hackers and pushed them to sign nondisclosure agreements, according to the people familiar with the matter. To further conceal the damage, Uber executives also made it appear as if the payout had been part of a “bug bounty” — a common practice among technology companies in which they pay hackers to attack their software to test for soft spots.
https://www.nytimes.com/2017/11/21/t...hack.html?_r=0
__________________

__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 11-22-2017, 08:23 AM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Jun 2005
Posts: 9,719
Nowadays I assume that many of the companies that I have a relationship with have done the same thing. If one believes that their information is safe, then they are totally naive.
__________________

LOL! is offline   Reply With Quote
Old 11-22-2017, 08:32 AM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 7,212
Everyone knows criminals will obey a NDA. After all it's legally binding
Sunset is offline   Reply With Quote
Old 11-22-2017, 08:46 AM   #4
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 22,675
Quote:
Originally Posted by Sunset View Post
Everyone knows criminals will obey a NDA. After all it's legally binding
Yeah - my reaction!
__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Old 11-22-2017, 01:28 PM   #5
Full time employment: Posting here.
 
Join Date: Jun 2017
Location: Chicagoland
Posts: 775
According to Bloomberg, which originally broke the news of the breach, Uber paid a $100,000 ransom to its hackers to keep the breach quiet and delete the data they'd stolen. It then failed to disclose the attack to the public—potentially violating breach disclosure laws in many of the states where its users reside—and also kept the data theft secret from the FTC.

Nope, not *potentially*. Unless there are other contrary facts, this is a big "no no".

I suspect the regulatory fines, lawsuits, and lost customer is going to cost them uber bucks.
CoolRich59 is offline   Reply With Quote
Old 11-22-2017, 01:44 PM   #6
Thinks s/he gets paid by the post
 
Join Date: Mar 2013
Location: Coronado
Posts: 1,185
California was one of the first states to enact a law requiring disclosure of data breaches. It's mind boggling that a tech company headquartered in the state doesn't know that, if only because everyone who works there has gotten letters from other companies who've had similar events. Did they all think those other companies were just notifying them to be nice?
cathy63 is offline   Reply With Quote
Old 11-22-2017, 01:45 PM   #7
Thinks s/he gets paid by the post
 
Join Date: Aug 2013
Location: North
Posts: 2,244
I still sometimes wonder how they remain in business...I guess all the drunk college kids need to get around somehow. We used taxi's when I was doing damage.
__________________
AA (Stock/Bond/Cash ): 96.5/0/3.5% MIX (Small/Mid/Large): 25/25/50% BLEND(US/Foreign): 100/0%, REIT (Real Estate Equity): ~50% of Assets

FIRE in 2031 @ 50yrs old (+/- 2yrs) w/ a hypothetical $2.5mil portfolio, 3 appreciated homes worth $1.0mil and rental income to fund my gap years until RMD. Assets will go to an inherited IRA where I plan on watching the investments grow until I die or the trust gets executed.
kgtest is offline   Reply With Quote
Old 11-22-2017, 04:13 PM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 22,675
Quote:
Originally Posted by kgtest View Post
I still sometimes wonder how they remain in business...I guess all the drunk college kids need to get around somehow. We used taxi's when I was doing damage.
Me too!

So who thinks the hackers actually deleted the data?
__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Old 11-22-2017, 06:18 PM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
travelover's Avatar
 
Join Date: Mar 2007
Posts: 11,535
Quote:
Originally Posted by audreyh1 View Post
...........They tracked down the hackers and made them sign NDAs instead of turning them over to authorities?!?!?
Wow, it seems like for half as much they could have just make the hackers "disappear".
__________________
Yes, I have achieved work / life balance.
travelover is offline   Reply With Quote
Old 11-22-2017, 08:03 PM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 22,675
Quote:
Originally Posted by travelover View Post
Wow, it seems like for half as much they could have just make the hackers "disappear".
I know!!!

So bizarre!
__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Old 11-22-2017, 10:18 PM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 9,145
Whose worse? The criminal hackers or the companies that keep it secret?
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 11-23-2017, 09:38 AM   #12
Thinks s/he gets paid by the post
 
Join Date: May 2014
Location: Utrecht
Posts: 2,639
Uber is well known as being one of the most ethically challenged 'tech' companies out there. Sexual harassment, intimidation, actively sabotaging competition and now this .. it's just par for the course.

What keeps surprising me is how they keep raising all that money while in essence it's still little more than a taxi app with a vague self-driving car promise. Guess I have a lack of imagination.
__________________

Totoro is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What are the ultimate data breach solutions? flintnational Other topics 5 09-21-2017 09:35 AM
OPM data breach – what should you do? Tadpole FIRE and Money 31 12-11-2015 09:11 AM
One in four Uber drivers over 55 Htown Harry Life after FIRE 50 10-12-2015 06:24 PM
18 year old with over $100k... right move? drooblez23 FIRE and Money 24 10-19-2010 07:14 PM

» Quick Links

 
All times are GMT -6. The time now is 12:55 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2019, vBulletin Solutions, Inc.