Uber paid hackers $100,000; concealed data stolen of 57mn users

In October'16, two attackers broke into a private GitHub site being used by Uber's engineers and recovered login credentials for its Amazon Web Services account.

There, they found a detailed database of riders and drivers.

Uber says only names, email IDs, phone numbers and drivers' license numbers had been accessed. Other data like social security numbers, location, credit card information and more were safe.

Uber's failure lied in not disclosing such a huge data breach to authorities as required by US laws.

Ironically, around October'16, Uber had just settled a lawsuit with the NY attorney general over data security disclosures and was negotiating with FTC over handling of users' data.

Moreover, that it had stored unencrypted data was "unforgivable", says Paul Lipman, CEO of cybersecurity firm BullGuard.

Uber has now fired two of its employees: Joe Sullivan, its chief security officer during the hack, and Craig Clark, a lawyer who reported to Sullivan.

The company has said it would provide free credit monitoring and identity theft protection to all affected drivers.

The NY attorney general has launched a probe into the attack.

Meanwhile, a customer has sued Uber for negligence.

Ironically, this isn't the first such occurrence at Uber: in 2016, Uber was fined $20,000 for not revealing promptly a 2014 data breach.

Since starting in 2009, Uber has been accused of paying bribes, spying on its rivals, evading authorities, questionable pricing and more unethical practices.

It is fully/partially banned in several countries including UK, Canada, Bulgaria, Denmark, France, Germany, Hungary, Italy and Australia.