The security of data stored in the cloud has come under scrutiny yet again as Australian information commissioner Timothy Pilgrim commences investigating global ride-sharing giant Uber in the wake of revelations that the firm paid hackers $132,000 to delete the stolen personally identifiable information (PII) of 57 million of its users.
You read that right: Uber got hacked, and your personal information with it.
Uber suffered a data breach back in October 2016 that affected tens of millions of people, and it is just now letting the public know about it, as 2018 rolls into view.
The compromised data includes names, email addresses, and phone numbers of more than 50 million Uber riders and 7 million drivers around the world, according to a Bloomberg report.
Uber's new CEO, Dara Khosrowshahi, responded to the news of the hack today and said "none of this should have happened" and reiterated Uber's efforts to change how it does business. He was not at the helm when it happened.
The breach seems to have occurred via the development platform GitHub, where hackers accessed the accounts of two Uber engineers who had uploaded the data to online storage for testing.
Khosrowshahi took the position of Uber's CEO on August 30 this year.
The hackers found driver and rider information in the AWS bucket and contacted the company asking for a ransom.
In a press release, Khosrowshahi added: "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes".
Uber's bad days will pass once the company takes several precautionary measures.
Khosrowshahi says hackers accessed the data through a third-party, cloud-based service. The company tracked down the hackers and pushed them to sign nondisclosure agreements, according to people familiar with the matter.
Attorneys general in at least four US states, Connecticut, Illinois, Massachusetts and New York, said they had launched investigations into the breach.
Uber said it fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, this week over their role in the incident. Did Uber security have any monitoring in place to alert them when such vast amounts of data were accessed?
A spokesman from Uber said the company is in the process of notifying various regulatory and government authorities.
Yahoo didn't make its first disclosure about hacks that hit 3 billion user accounts during 2013 and 2014 until September 2016. In addition to its legal troubles, Uber has faced criticism for sexual harassment issues, underpaying and deceiving drivers, questioning a rape victim, and surge pricing during times of crisis.
Jeremiah Grossman, chief of security strategy at security firm SentinelOne, says this was not a sophisticated hack.