In a startling revelation, ride-hailing platform Uber has disclosed that two hackers “inappropriately accessed” in 2016 names, email addresses and phone numbers of 57 million customers and drivers, and the license numbers of around 600,000 drivers.
In a blog post on Wednesday, Uber CEO Dara Khosrowshahi revealed that the company has learned that in late 2016, it became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that it uses.
“The incident did not breach our corporate systems or infrastructure. However, the individuals were able to download files containing a significant amount of other information,” he posted. The breach included the names and driver’s license numbers of around 600,000 drivers in the US and some personal information of 57 million Uber users around the world.
“This information included names, email addresses and mobile phone numbers. Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded,” Khosrowshahi posted.
At the time of the incident, Uber took immediate steps to secure the data and shut down further unauthorised access by the individuals. “We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts,” the Uber CEO said.