Uber paid hackers $100k to cover up cyberattack on personal data of 57 million customers

According to report from Bloomberg, hackers stole personal information from 57 million customers and drivers with Uber in a security breach that the company concealed for more than a year. Uber confirmed today the hack affected 57 million customers and drivers. Uber later paid hackers $100,000 to delete the data. The 2016 breach was hidden by the ride-sharing firm which. As part of the fallout,  the Chief Security Officer Joe Sullivan and one of his deputies were fired from the company for their roles in hiding the data hack.

“While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection,” Uber’s chief executive Dara Khosrowshahi said. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Uber CEO said.

What effect this news will have on Uber stock and customer remains to be seen.  Uber also did not confirm precise details of the hack, but according to Bloomberg’s report, two hackers were able to access a private area of Github, an online resource for developers. According to other sources, Uber got hacked because it left its security key out in public.  It looks like Uber accidentally stored a secure database key—intended for use only by select employees—on a publicly accessible GitHub page. The access key led to a database where drivers’ names and license numbers were stored, and was obviously never intended to be public. Once the company realized its database had been breached in May of last year, it changed the key and took the GitHub page offline.