Friday, November 24, 2017

Not The First Time Uber's Been Hacked...And Not The First Time They've Covered It Up.

A catalogue of errant issues, hushed up and swept under the carpet.


So, Uber say that the 57 million passenger details have been bought back and that their credit card account details are safe. They also said that no one's been charged for journeys they haven't booked... who remembers this from 2015!

Minicab app Uber denies it is being hacked despite avalanche of tweets from customers complaining of thousands in losses - and even Anthea Turner is getting cross...

Concerned: Anthea Turner took to Twitter to contact Uber about her apparent account breach
Uber users are being told to check their usernames and passwords after a growing number of people have been charged for journeys they did not make.

Anthea Turner was the latest to have her account compromised, leaving her with a bill for journeys she did not book or take.

The TV presenter tweeted to Uber 'account has been hacked nothing to help me on website – this is ridiculous'.


Uber is a mobile app that connects minicab ride requests with drivers. Users can input their credit card details on the app so that they do not have to have cash with them to pay.   

But the Uber support Twitter account is awash with users complaining that they have had cash taken from their accounts for journeys that they did not book or make. Some users have reportedly had hundreds or even thousands of pounds taken from their accounts.

Uber still denies that it has been breached - but has promised to reimburse all customers who have been charged for journeys that they did not book or take. 

Elaine Johnson tweeted: 'Help – my account has been hacked and I don't know who to contact to report this to? Someone's spending my cash.'

Gemma Hole said: 'My account has been hacked, I've apparently just ordered 13 cabs to Clapton and counting and I'm getting charged.'


The complaints on Twitter are coming from users across the globe including the States and France.

Record producer Mick Crossley told The Evening Standard he had been hit with a bill for £3,000 for 142 journeys.  He said he did not receive notification that the journeys had been booked because someone had changed his contact email address on his account as well.

Just last night Twitter user Jade Samantha posted a screenshot of Uber journeys taken on her account totalling close to £100, which she claimed she never took. Some Twitter users are responding to account hacking postings with the hashtag #ubered.

Amanda O'Shaughnessy told This is Money she found out that someone was using her account when she started to receive invoices for journeys she had not made. 'I've lost complete trust in the service and it's for these reasons that I won't use them again, despite the convenience,' she said.  


Some customers have also vented their fury at their inability to get hold of someone at Uber to report the situation to.

Worried: Anthea Turner reached out to Uber support on Twitter after she was charged for journeys she did not make

The website does not contain a telephone number, only an email function for enquiries.

Anthea Turner was one user who appears to have struggled to get through to the minicab sharing company.


She tweeted that she couldn't even change her account details because her login details had been changed by someone. Then, after appearing to have tried to get a phone number for them, she tweeted Uber saying 'your email is saying not valid and the number from 118 500 is not ringing through. Do you exist?'

A spokesperson for Uber categorically denied that there had been a breach at Uber, confirming to This is Money that they were 100 per cent sure that their system had not been compromised.

Charged: Users have taken to Twitter to share concerns about their accounts being hacked

'We take any issue of this nature very seriously and after investigating have found no evidence of a breach at Uber,' an Uber spokesperson said. 'Attempting to fraudulently access and use Uber accounts is illegal and we notify the authorities about such activity.'

However they admitted that there have been a number of users reporting that their accounts had been used by other people to book journeys.


Popular: Uber has dramatically reduced the cost of cabs - but a small number of users are experiencing problems
They said they were still investigating the cause, but that the most likely explanation is that there had been a data breach on another e-commerce website. 

Since people often use the same usernames and passwords across several online accounts, fraudsters have attempted to use the data hacked from another site to access Uber accounts.

It said the issue is being taken very seriously and anyone left out of pocket will be reimbursed.

A spokesperson added: 'We would like to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services. However, anyone who is charged for a trip they didn't book or take would get a refund.'

Full credit card details are not stored on an Uber account, but a hacker who gets in can see the last four digits of a card number, as well as the account holder's full email address and phone number.

From this a person could commit wider identity fraud, or sign into other accounts if the same username and password are reused across other sites, apps and accounts (if that reuse isn't the method by which they breached the Uber account in the first place).
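The reuse attack described above leaves a recognisable trace in login records: one source tries many different accounts, mostly failing, and the few accounts it gets into may have their contact email changed shortly afterwards, as one customer reported. The following is an added detection example, not code from Uber or from the original article; the event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _t(minute):
    """Timestamp helper for the constructed sample below."""
    return datetime(2015, 5, 1, 2, 0) + timedelta(minutes=minute)


# Constructed sample events (not real data): (timestamp, source IP, account, event).
# event is "login_fail", "login_ok" or "email_change". IPs are documentation ranges.
SAMPLE_EVENTS = (
    # One source walking through a leaked username list: many accounts, mostly failures.
    [(_t(i), "203.0.113.7", f"user{i}@example.com", "login_fail") for i in range(8)]
    + [
        (_t(8), "203.0.113.7", "alice@example.com", "login_ok"),
        (_t(9), "203.0.113.7", "alice@example.com", "email_change"),
        (_t(10), "203.0.113.7", "bob@example.com", "login_ok"),
        # Ordinary user who mistypes a password once, then gets in.
        (_t(3), "198.51.100.20", "carol@example.com", "login_fail"),
        (_t(4), "198.51.100.20", "carol@example.com", "login_ok"),
        # Legitimate email change from the user's usual address.
        (_t(30), "198.51.100.20", "carol@example.com", "email_change"),
    ]
)


def stuffing_sources(events, min_accounts=5, max_success_ratio=0.5):
    """Return source IPs that tried many distinct accounts with a low success rate."""
    attempted = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for _ts, ip, account, kind in events:
        if kind not in ("login_ok", "login_fail"):
            continue
        attempted[ip].add(account)
        attempts[ip] += 1
        if kind == "login_ok":
            successes[ip] += 1
    return {
        ip
        for ip, accounts in attempted.items()
        if len(accounts) >= min_accounts
        and successes[ip] / attempts[ip] <= max_success_ratio
    }


def compromised_accounts(events, sources, window=timedelta(hours=1)):
    """Accounts a flagged source logged into, and whether the contact email
    was changed within `window` of that login (a takeover signal)."""
    result = {}
    for ts, ip, account, kind in sorted(events, key=lambda e: e[0]):
        if kind == "login_ok" and ip in sources:
            result.setdefault(
                account, {"source": ip, "login_at": ts, "email_changed": False}
            )
        elif kind == "email_change" and account in result:
            if ts - result[account]["login_at"] <= window:
                result[account]["email_changed"] = True
    return result


if __name__ == "__main__":
    flagged = stuffing_sources(SAMPLE_EVENTS)
    for account, info in compromised_accounts(SAMPLE_EVENTS, flagged).items():
        print(account, info["source"], "email changed:", info["email_changed"])
```

Accounts returned with `email_changed` set are the ones to lock and contact through the previous address, since notifications to the new address go to whoever changed it.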

Despite the frustrations of some customers, Uber is not sharing a phone number that people can call should they think they have been affected.

Instead they can email supportuk@uber.com and should receive a response within an hour. A spokesperson for Uber said this method was 'more efficient' – particularly since Uber is a global company - and the email account is monitored 24 hours a day.


Dismayed: Increasing numbers of Twitter users have taken to the site to share their experience of Uber journeys booked on their account by someone else

The reported account breaches come after reports last month that hackers had allegedly obtained thousands of login details for Uber accounts worldwide – and were selling them for as little as $1.

Two sellers – known only as Courvoisier and ThinkingForward – were reportedly using online marketplaces on the dark web such as AlphaBay to offer this personal information.

Uber reiterated at the time that it had found 'no evidence' of a security breach in its systems.

Web blog Motherboard revealed that active Uber accounts are for sale on the dark web. 

Since then, a wave of customers have complained of fraudulent trips being charged to their credit card account.

In an attempt to discover the root of the problem, Motherboard has received a guide on how to use these accounts.

The step by step tutorial is sold by Courvoisier, one of the vendors who originally advertised the hacked Uber accounts.


TAXI LEAKS EXTRA BIT : 

So, what type of information does Uber store about their customers ???

Remember this scandal from earlier this year that seems to have been swept under the carpet by TfL!

In a disturbing turn of events, Uber has been tracking oblivious iPhone users even after they removed the application from their phone. Two years ago, the situation escalated to such an extent that CEO Travis Kalanick earned a slap on the wrist from Apple mogul Tim Cook.

The New York Times reported that Kalanick pulled a "fast one" on Apple back in 2015 when the app continued to identify and tag iPhone users after they had deleted it from their phones. In doing so, Kalanick's company violated Apple's privacy guidelines and was nearly booted off the App Store.

The practice is called 'fingerprinting,' which Uber used on iPhones initially as a fraud-prevention method. It is a piece of code that identifies a specific iPhone, locates it, and remembers it. Uber hoodwinked Apple engineers by geofencing Apple's Cupertino headquarters to hide this code, but Cook & Co. soon discovered the deception. The whole debacle resulted in an awkward face-to-face meeting for Kalanick at Apple headquarters back in 2015 where Uber was forced to comply with Apple's regulations.

Taxi Trade Lied To Over Bank Junction Exclusion - Moorgate To Close For 5 Months - New Ranks 🤗

Again we find out, the Taxi trade has been lied to over the Bank Junction...now there's a surprise!


When the trade met with the City of London earlier this year, they were given assurances the Bank Junction exclusion would only go ahead while there were no road closures in the surrounding areas. 

Going by the notice issued yesterday by TfL, it looks like CoL have reneged on their promise. Moorgate is to be closed off in both directions from South Place, to Lothbury (Bank Junction), for 5 months from Sunday 26th November till the 1st of April next year, April Fools' Day.

As far as we know, there has been no previous statement to trade orgs in regards to this closure. 

The New United Trade group (NUT) pleaded with militant drivers to stop the driver-led, daily disruptive action at the Junction and promised that their team of observers would be keeping an eye on proceedings.

When Taxi Leaks phoned the LTDA office earlier today, they had no idea that Moorgate was being closed. Looks like they took their eye off the ball !!!

Will the City of London be announcing a lifting of the Bank Junction exclusion, while these road works take place......we wait with bated breath for their announcement. 
And one from the NUTs wouldn't go amiss.

The Taxi Trade 'Winter Of Discontent' may well now be going ahead.


However !!!
There now appears to be a caveat to the Moorgate road closure planned for Monday.

Below is the flippant post put out on Twitter by the City of London @Squarehighways account , saying that TfL Traffic News appear to have got it wrong (another right hand, left hand scenario) 


Well now, there's a first !!!

Other roads updates:
From this Sunday, again til April next year, Chelsea Embankment will be closed to all traffic westbound so that urgent gas works can be carried out. 

Blackfriars bridge is to be closed to all traffic again this Friday night till Monday morning for resurfacing. 

Also, please be careful at the lights, Buckingham Palace Road, junction of Terminus Place, where a new yellow box has been implemented. 
Be advised that this will be heavily enforced with immediate effect.....unless you are driving a bus of course !!!


TAXI LEAKS EXTRA BIT :
At last, there is some good news... In the shape of new ranks.
The Hard Rock Cafe now has a nice new rank outside, as does the Charlotte Street Hotel...and Ronnie Scott's finally has a new rank. 


The rank outside the W hotel has been extended and Mahiki's rank has been revised.
Please make sure you use the ranks and keep the touts off. 


Thursday, November 23, 2017

How is Uber still even in business at this point?


While no Silicon Valley company is without sin, Uber seems to have plumbed new depths of corporate depravity. There is so much fundamentally rotten at the company’s core that it’s nearly impossible to imagine that new-ish CEO Dara Khosrowshahi can disinfect and rehabilitate a culture gone horribly wrong.

Khosrowshahi’s tenure is already turning into an international apology tour. The latest mea culpa, of course, is that the company covered up a hack of 57 million user accounts in 2016. Hacks happen to the best of companies, alas. But failing to notify the affected account holders is grossly negligent. And paying the hackers $100,000 to keep quiet about it, according to Reuters, is simply unfathomable.

In his apology blog post, Khosrowshahi seems to have forgotten to mention the payment, which was also reported by Bloomberg.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi wrote. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

Khosrowshahi fired the company’s chief security officer and a deputy. The Recorder reported that the deputy was in fact in-house lawyer Craig Clark. We wonder if new Uber general counsel Tony West has reported for duty yet? Welcome to the team, Tony! Otherwise, the executive suite remains a relatively empty place these days.

This latest scandal comes as Khosrowshahi is having to grovel before London authorities to get the company’s license restored there. Regulators there don’t seem to trust Uber after years of bad faith and bullying. Surprise! That lack of trust extends to countless other jurisdictions around the world that became fed up with the take-no-prisoners tactics of disgraced former CEO Travis Kalanick.

Kalanick, you’ll recall, was forced out of his own company following a massive internal investigation regarding the company’s culture of sexual harassment. And that investigation came as the company was being sued for allegedly stealing autonomous vehicle intellectual property from Google’s Waymo unit.

Oh, gee, what else? Is it unfair to dredge up things like an executive threatening a journalist? The Uber driver that raped a passenger in India? The Greyball technology the company used to dupe regulators? Booking fake rides to disrupt its competitor Lyft? Spying on passengers using its “God View” technology?

Uber can expect a colonoscopy from regulators over the latest scandal. But why should the company get any more chances at this point? The fact that investors have pumped billions of venture capital into this morality swamp isn’t really a justification for its existence. And neither is our addiction to heavily subsidized cab rides.

I’m sure the new CEO is sincere about being sorry. At this point, I think we’re all a bit sorry for anything we did to support Uber along the way. But now the rest of us have a duty to vote with our feet and wallets by walking away from Uber and leaving it to wither and fade away.

Source : Venturebeat.com


TAXI LEAKS EXTRA BIT :

In about 15 months, if the timetable holds, Uber will ask public investors to buy its shares. Dara Khosrowshahi, the car-booking company's new chief executive, appears to be taking a kitchen sink approach to getting bad news out well in advance.

Yet the latest admission — that Uber covered up the theft by hackers of data from 50m passengers and 7m drivers — is so bad it is increasingly hard to see an unimpaired initial public offering in that timeframe.

Financial effects already exist from Uber's serial moral failings: it has bled market share, especially in its home city of San Francisco, to rival Lyft. But the inexplicable handling of the data breach puts it in another tier of jeopardy.

From May next year, a tough European Union rule called the General Data Protection Regulation will allow officials to levy fines of up to 4 per cent of turnover if data are leaked. If Uber maintains its current growth rate of 17 per cent, its annual net revenues should be $US9bn and the potential fine $US360m. Gross bookings would make it five times higher. That is real money even to the largest private tech company.

That is hypothetical, given the timing for implementation of the EU rule. But the severity of the punishments reflects the vengeful public mood. Very real liabilities exist in the US from the breach, which will play out in probes from the Federal Trade Commission, state attorneys-general and in lawsuits.

The bigger problem is that estimating the scope of Uber's myriad wrongdoing and the scale of potential punishments is impossible. Even the known unknowns are frightening enough.

Bear in mind that the full Holder report into sexual harassment has never been published. It doubtless contains more reputational blows to the company, if and when it emerges. Consider also that Uber is under criminal investigation over possible violation of the US Foreign Corrupt Practices Act.

The biggest fines there, such as last year's action against Swedish telecoms operator Telia, have reached $US1bn.

If Uber had adopted the controls of a good public company two or three years ago, it might have prevented some of the problems that developed since. To reveal them, settle them and soothe potential investors in the next 15 months is a tall order.



Source :Financial Review
https://is.gd/zlrvT1 


Letter To The Editor: TfL Threatened Me With Temporary Unemployment Over Late DBS Certificate, Unless I Paid More


Taxi Leaks has received this letter from GreenBadgeJohn (on Twitter). It details clearly the fact that Taxi drivers are currently being treated differently to not only Private Hire Drivers, but especially Uber drivers, when applying for or renewing their licence. 

John was charged an extra £13, having already paid the full amount for an enhanced DBS criminal records check, or was threatened with unemployment when his DBS was caught up in the system.   

Letter to Editor :
TFL unsuccessfully tried to deny how I was threatened with temporary unemployment unless I paid to join the (non mandatory) Update service because my CRB had not been duly processed due to high demands at that period and even though I had started the process within the prescribed 4 month advanced application period they require.

I was given one option once my old licence expired:

I had to attend TPH's office in Southwark and sign a form to obtain a Temporary Measure Licence, but before doing so it was made mandatory that I joined the "update service" costing a further £13 (although I had paid the full amount required to re-licence) ...."or I would not be licensed to continue working"

I contacted my appointed GLA member who duly emailed TFL about my issue and was emailed with all the facts I state above.

I find it disgusting how Uber has a completely different "arrangement" to me as a licensed taxi driver who has no prior criminal record and as this "record" has rolled over 10 times in 3 yearly stages over the years (not counting the 2 & 3/4 years knowledge) as opposed to new private hire drivers applying to TFL in their droves from places that may not be willing to divulge prior records due to filing inadequacies or from corrupted war torn regions who are given the freedom to continue to work unconditionally or until the dots of acceptability are presumably joined up somehow? (and that is another story)  

Every Licensed London Taxi driver has a history.... 'The Knowledge'... which is a long time based characterisation of every applicant.... new Private hire drivers do not.

As we who have completed the knowledge process know it is more than just showing you can find your way around London as you are tested on characteristics over a long period of time which allows licensing authorities time to study suitability and measure character and fortitude and all on a time linked CRB system and creates a license of value for those knowledge students who have taken years to obtain and will truly value and would never wish to jeopardise.

Compare that to the overwhelming numbers of out of the blue private hire applicants who will try to make some kind of a living from being lost in a world capital city and dangerously gaze at a windscreen sat nav device and hold a no value license to work which is given to them for the payment of a fee.

There have always been serious implications as to how private hire drivers can honestly be vetted over a staggeringly short period of time-lapsed investigative study, but to now allow drivers a non-investigated working period before potentially uncovering serious character faults and latterly barring them is a scandal and must stop before any further crimes are committed.

TFL have a duty of public care and must do their job properly as this scandal is truly astonishing and unchecked drivers with no history must not be allowed to hold any form of private hire license until satisfactory checking is completed.... no compromises.

Be Lucky

greenbadgejohn (on twitter)

It appears that if you are a private hire driver, and in particular, if you are registered with Uber, then the application standards appear to have been relaxed, even though TfL TPH general manager Helen Chapman gives assurances when talking to the media, that all private hire drivers go through the same enhanced criminal record checks process as licensed Taxi drivers do. 

But Helen's statement doesn't appear to be factual, as we've since found out (by FOI request).

Only 2,642 private hire drivers, out of the 13,000 Uber drivers found to have fake DBS certificates back in January this year, have subsequently resubmitted genuine applications.

The question needs an answer:
Why have TfL TPH treated these Uber drivers - who failed to comply with regulation - differently?
Why haven't the licenses of the 10,300 odd who never resubmitted been suspended? 

Is it really one rule for Taxi and Private hire Drivers, and a different rule for Uber drivers?

Taxi leaks Extra Bit:
Over the pond, we are presently seeing Uber staring into the face of an FBI investigation over destroying federal evidence. This could result in long jail sentences for those responsible. 

Taxi Leaks would like to take this opportunity of reminding those rats who haven't jumped ship yet that over here, malfeasance is just as serious an offence and if found guilty, can also carry lengthy jail time. 

Wednesday, November 22, 2017

FOI reveals Transport for London repeatedly renewed £2m consultancy contract over 7 years without getting rival bids

Transport for London has defended the repeated extension of a consultancy contract worth almost £2m over a seven year period without asking rivals to tender for the work.

In October 2010 the capital’s transport agency hired the contractor to provide a staff member who would “assist the TfL senior leadership team” during their work on the Horizon programme which was tasked to slash costs in TfL’s support functions. 

The initial contract was worth £122,980 and covered “targeted senior executive leadership facilitation, support and coaching for the TfL leadership team, including the Commissioner and the Chief Officers.”

TfL says the work was awarded following “a search of the market,” however the relationship has been extended several times over the following seven years, each time without alternative suppliers being asked to tender. 

Each of the renewals was approved following the production of a ‘single source request’ document which self-exempts public bodies from tendering contracts.

The first extension came in February 2011, just 4 months after the initial agreement was signed, with further extensions in August and October of the same year.

The document approving the second extension justifies the failure to openly tender the work on the grounds that other suppliers “would not have the existing knowledge of TfL, the Horizon programme, the expertise and familiarity or trusting relationship with the individual Directors in the Leadership team.”

In August 2012 an uncontested extension worth £250,000 was approved on the grounds that “a decision to put this activity out for tender would inevitably have postponed the delivery of Project Horizon”.

The document added that proceeding without the support of an external contractor “would have meant progressing Project Horizon without effectively organising or coordinating Chief Officer input, leading to a sub-optimal conclusion and/or delay to the project.”

Eleven months later TfL justified a decision not to put a further extension, worth £162,000, out to tender “as it may result in a loss of continuity in the development of individuals”.

The relevant approval document also states that the additional work being approved was “needed to provide the continuous support that is required by the Commissioner.”

An extension worth £175,500 was signed off in October 2014 to allow the contractor “to assist the Commissioner direct and develop an effective TfL leadership team and to support the team so that he can lead TfL effectively.”

It also justified the decision not to tender the work on the grounds that “it may result in a loss of continuity in the development of individuals”.

Further extensions followed in July 2015, March 2016, October 2016, March 2017 and, most recently, in October 2017.

A freedom of information request shows that over the seven year period to October 2017 the contractor was paid £1.74m. The latest extension is worth a further £210,000.

The services provided span the terms of former TfL Commissioner Sir Peter Hendy and successor Mike Brown. TfL’s top post comes with a salary in excess of £300,000 and a host of in-house support staff. 

Defending the consultancy contract, a TfL spokesperson said the contractor in question “has provided advice and support to the TfL leadership team for a number of major organisational change programmes to deliver a range of improvements and significant financial savings.  

“The current programme is delivering £4bn of savings to 2021/22, reducing our operating costs for the first time in our history.”   

However Liberal Democrat London Assembly member Caroline Pidgeon said the agency’s decision to repeatedly roll over the contract uncontested “for so many years raises some fundamental questions about TfL’s transparency, let alone its commitment to value for money.” 

She added: “Contracts such as this should be open for examination and regularly put out to tender.”

The most recent renewals appear to undermine efforts by Mayor Sadiq Khan to slash costs within TfL in order to help fund his freeze fares and meet the challenges posed by the axing of TfL’s Government grants.

Last year Mr Khan ordered the agency to carry out “a fundamental review” of management layers, renegotiate all contracts, freeze recruitment “for all but the most essential roles” while “significantly cutting the most expensive of the existing circa 3,000 agency contractors.”

Commenting on the FOI’s revelations, Labour AM Tom Copley said: “We’ve had a commitment from the Mayor to reducing consultancy costs, TfL must now follow through. 

“At a time when TfL are having to tighten their purse strings because the government are removing their operational grant, it begs the question whether this is value for money.”

Source : MayorWatch.co.uk

Institute Of Licensing Writes To Government To Highlight Failure In Taxi And PH Licensing System


The Institute of Licensing (IoL) has written to the Government to raise concerns about failings in the taxi and private hire licensing system that is putting public safety at risk.

IoL President, James Button, said in the letter: 
“We are aware that there is currently much discussion ongoing in relation to the licensing of taxi and private hire drivers, operators and vehicle owners, including the recently established working party by Minister of State John Hayes MP. 

We are conscious that any discussions must seriously consider the adequacies of current arrangements concerning criminality checks, data sharing and ability of licensing authorities and police practitioners to identify concerns relating to licensed individuals and those seeking to be licensed with a view to maintaining public safety and taking appropriate action as necessary.”

The letter, addressed to the Home Office, DfT, National Police Chiefs Council and the chairman of the newly established Taxi and Private Hire Working Group, outlined the results of its members’ survey about the level of checks undertaken, data sharing with the police and other similar issues:

Less than 25% of respondents consider the current data sharing arrangements are satisfactory

More than 50% of respondents agreed that changes to the Notifiable Occupations Scheme affected information sharing between police and licensing authorities

72% of respondents said that they do not receive immediate notifications from the police when a taxi licensee (driver, operator or proprietor) is under investigation, arrested or charged

42% of respondents said that the Data Protection Act is used as a reason for not sharing information

A substantial 80% of respondents agreed it would be useful to have a single point of contact within the police for taxi licensing issues

Mr Button continued: “The IoL has raised concerns previously with the Home Office in relation to data sharing between police and licensing authorities in relation to taxis. 

In March 2015, we put on record with the Home Office our concern over the then imminent changes to the Notifiable Occupations Scheme and the proposed removal of Home Office Circular 006/2006 which provided guidance to police forces about the disclosure of convictions and other information in relation to people in professions or occupations which carry additional trust or responsibility (notifiable occupations). 

In summary, the concern at that point was that the changes would increase uncertainty and inconsistency in data sharing.”

The IoL is currently leading on a project to develop a national model convictions policy for licensing authorities to consider adopting locally. It has been working with the Local Government Association and the National Association of Licensing and Enforcement Officers on the project and the aim is to consult on the draft document imminently. 

This project has been undertaken with the sole purpose of providing a potential national minimum standard endorsed by the relevant organisations with a view to raising consistency across England and Wales.

TAXI LEAKS EXTRA BIT:

Meanwhile, in London, TfL are still allowing 10,000 Uber drivers with alleged fake DBS certificates to carry on working, even in the light of an escalation in PH passenger sexual assaults (highest total for 15 years) 

Not only that, 5 Uber drivers convicted of fraud have been allowed to carry on as PH drivers even after being given suspended prison sentences.
 

TfL have refused to relicense Uber as a PH operator, but allow them to continue for the next few years while they appeal, even though they have been flagged up as a not fit and proper company. 
Can you see the pattern emerging here?

And yet a Licensed Taxi Driver who video’d a group of TfL directors in a public Street has had his licence revoked and been out of work for nearly a year. 

Another Day, Another Uber Scandal : Uber Concealed Cyberattack That Exposed 57 Million People’s Data

On a day when the world's media are concentrating on Zimbabwe and the resignation of Robert Mugabe, Uber have finally decided to release the news they've been covering up for over a year, the hacking of 57m customer and driver personal details. They probably chose today thinking it would roll down the order of play. But it looks to have backfired on them.


This latest #UberScandal has set social media alight this morning. Not surprisingly, no government agency has had anything to say about this yet.

Again we see another news media outlet (SkyNews) referring to Uber as a Taxi App (only in their dreams). 

So, for their future information, it's a minicab app. 
Unless of course their drivers complete the knowledge. 




This from Bloomberg:
Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing company ousted Joe Sullivan, chief security officer, and one of his deputies for their roles in keeping the hack under wraps.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card details, trip location info or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.


“None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. “We are changing the way we do business.”

Hackers have successfully infiltrated numerous companies in recent years. The Uber breach, while large, is dwarfed by those at Yahoo, MySpace, Target Corp., Anthem Inc. and Equifax Inc. What’s more alarming are the extreme measures Uber took to hide the attack. The breach is the latest explosive scandal Khosrowshahi inherits from his predecessor, Travis Kalanick.

Kalanick, Uber’s co-founder and former CEO, learned of the hack in November 2016, a month after it took place, the company said. Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data. Kalanick declined to comment on the hack.

Sullivan spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year. Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.

Check out the Decrypted podcast below:



Here’s how the hack went down: 

Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

A patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur. Uber said it was obligated to report the hack of driver’s license information and failed to do so.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”


Uber has earned a reputation for flouting regulations in areas where it has operated since its founding in 2009. The U.S. has opened at least five criminal probes into possible bribes, illicit software, questionable pricing schemes and theft of a competitor’s intellectual property, people familiar with the matters have said. The San Francisco-based company also faces dozens of civil suits. London and other governments have taken steps toward banning the service, citing what they say is reckless behavior by Uber.

In January 2016, the New York attorney general fined Uber $20,000 for failing to promptly disclose an earlier data breach in 2014. After last year’s cyberattack, the company was negotiating with the FTC on a privacy settlement even as it haggled with the hackers on containing the breach, Uber said. The company finally agreed to the FTC settlement three months ago, without admitting wrongdoing and before telling the agency about last year’s attack.

The new CEO said his goal is to change Uber’s ways. Uber said it informed New York’s attorney general and the FTC about the October 2016 hack for the first time on Tuesday. Khosrowshahi asked for the resignation of Sullivan and fired Craig Clark, a senior lawyer who reported to Sullivan. The men didn’t immediately respond to requests for comment.

The company said its investigation found that Salle Yoo, the outgoing chief legal officer who has been scrutinized for her responses to other matters, hadn’t been told about the incident. Her replacement, Tony West, will start at Uber on Wednesday and has been briefed on the cyberattack.


“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said in the emailed statement.

Uber said it has hired Matt Olsen, a former general counsel at the National Security Agency and director of the National Counterterrorism Center, as an adviser. He will help the company restructure its security teams. Uber hired Mandiant, a cybersecurity firm owned by FireEye Inc., to investigate the hack.

The company plans to release a statement to customers saying it has seen “no evidence of fraud or misuse tied to the incident.” Uber said it will provide drivers whose licenses were compromised with free credit protection monitoring and identity theft protection.

Source Bloomberg
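
An added example, not part of the Bloomberg report or this blog: the breach path described above (credentials found in a private code repository, then reused against an AWS account) is what secret scanning of source files is meant to catch before code is pushed. This sketch assumes the credentials take the form of AWS access keys; the file names are constructed and the key pair is the placeholder from AWS documentation.

```python
import math
import re
from collections import Counter

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) + 16 characters.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret access keys: exactly 40 characters from a base64-style alphabet.
SECRET = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")


def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())


def scan(files, min_entropy=4.0):
    """Scan {path: text}; return (path, line_no, kind, redacted_match) tuples.

    A 40-character hex string (e.g. a git commit hash) has at most 16 distinct
    symbols, so its entropy stays below 4.0 bits and it is not reported.
    """
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for m in KEY_ID.finditer(line):
                key = m.group()
                findings.append((path, no, "access_key_id", key[:4] + "..." + key[-4:]))
            for m in SECRET.finditer(line):
                if entropy(m.group()) >= min_entropy:
                    findings.append((path, no, "secret_candidate", m.group()[:4] + "..."))
    return findings


# Constructed sample repository. The key pair is the placeholder used in AWS
# documentation, not a real credential.
SAMPLE_REPO = {
    "deploy/settings.py": (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "CHANGELOG.md": "fixed in 3f2a9c1b7d4e8f0a6b5c2d1e9f8a7b6c5d4e3f2a\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_REPO):
        print(finding)
```

Findings are redacted so the scanner's own output does not become another copy of the credential; any key it reports should be rotated, not just deleted from the file, because it remains in the repository history.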

TAXI LEAKS EXTRA BIT :

 


To find out how to delete the toxic app, click the link below:

https://www.imore.com/how-to-delete-your-uber-account?amp