Wednesday, November 29, 2017

Uber's Data Hack Affects 2.7m Of Their Customers, Not For The First Time.

Uber's Data Hack, Has Affected 2.7m Of Their Customers And Also Their Drivers. 

In October 2016, Uber experienced a data security incident that resulted in the hacking of information related to riders and drivers accounts. 

For riders, this information included the names, email addresses and mobile phone numbers related to accounts globally. 

Uber said their outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded, but customers have been all over social media, saying they've been charged for expensive journeys they never booked.

This is a global issue, but in the United Kingdom alone, this involves approximately 2.7m riders and drivers. 

Uber again say this is an approximation rather than an accurate and definitive count, because sometimes the information we get through the app or our website that we use to assign a country code is not the same as the country where a person actually lives. 

Again proof that this company takes little regard of complaints made on Twitter or Facebook. As they don't have a complaints land line number (a requirement for operators, under the PHV act 1998) this would be the majority of camp,aunts made. 

When this happened, we took immediate steps to secure the data, shut down further unauthorised access, and strengthen our data security.
They also decided to say nothing to regulators or customers and have Bly spoken now as this breach has been publicly exposed. 

Best advice to customers is to delete their account and contact their bank, informing them not to pay any Uber trips charged to their account. 

Uber have made a statement that they encourage all users to regularly monitor their accounts for any issues. 

They say customers should let them know via the Help Centre if anything unexpected or unusual related to your Uber account. You can do this by tapping "Help" in your app, then "Account and Payment Options" > "I have an unknown charge" > "I think my account has been hacked".

Funny they should put this out after stating that no customers (to their knowledge) have been hacked! 

It also appears that their own drivers are now complaining that money has been taken from their accounts!

NCSC advice for Uber customers and drivers

The NCSC has also provides guidance which can be found below..


Mayor Khan has turned a blind eye to all the scandal that's hit the media over the past few weeks. The rise in UberRape, the escalation of road traffic accidents, the allegations of industrial espionage of competitors and the Data hacking. 

Khan made his feelings about Uber clear in Osbourne's Evening Standard


In addition to failing to notify users and the public about the information that was exposed, the company paid the hackers $100,000 to delete the data and subsequently had them sign nondisclosure agreements. The city further alleges that the ride-hail company failed to correct security vulnerabilities that led to a previous data breach in 2014. 

The complaint reads:

“After the details of Uber’s May 12, 2014 data breach were revealed to the public, Uber was investigated by a number of state and federal regulators that were concerned about its inadequate data security practices. Uber ultimately promised to bolster its data security policies by, inter alia, adopting protective technologies for the storage, access, and transfer of private information ... less than a year later the same failures led to a breach that was one thousand times worse.”

No comments: