Uber Paid Hackers to Delete Stolen Data on 57 Million People

Hackers stole the personal data of 57 million the consumers and motorists from Uber Engineering Inc ., a massive breach that the company disguised for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 pay to the attackers.

Compromised data from the October 2016 onslaught included identifies, mailing address and phone numbers of 50 million Uber equestrians around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million motorists was retrieved as well, including some 600,000 U.S. driver’s license numbers. No Social security systems amounts, charge card information, trip-up place details or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy misdemeanours. Uber now says it had a legal obligation to report the hacker to regulators and to drivers whose license amounts were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the the identity cards of the attackers.

” None of this should have happened, and I will not make excuses for it ,” Dara Khosrowshahi, who took over as chief operating officer in September, said in an emailed statement.” We are changing the space we do business .”

Read more: Uber Pushed the Restrictions of the Law. Now Comes the Reckoning

After Uber’s disclosure Tuesday, New York Attorney General Eric Schneiderman launched an investigation into the hack, his spokesperson Amy Spitalnick said. The company was also sued for negligence over the infringe by a customer seeking class-action status.

Hackers has been successful in infiltrated several companies in recent years. The Uber breach, while large-scale, is dwarfed by those at Yahoo, MySpace, Target Corp ., Anthem Inc . and Equifax Inc . What’s more alarming are the extreme assess Uber took to hide the attack. The breach is the latest scandal Khosrowshahi inherits from his predecessor, Travis Kalanick.

Read more: Gadfly’s Shira Ovide says Kalanick must speak

QuicktakeCybersecurity

Kalanick, Uber’s co-founder and former CEO, learned of the hacker in November 2016, a few months after it has just taken place, the company said. Uber had just settled a lawsuit with the New York attorney general over data protection revealings and was in the process of negotiating with the Federal Trade Commission over the handled in buyer data. Kalanick declined to comment on the hack.

Joe Sullivan, the outgoing protection bos, spearheaded the response to the hacker last year, a spokesman told Bloomberg. Sullivan, a onetime “prosecutors ” who joined Uber in 2015 from Facebook Inc ., has been at the center of much of the decision-making that has come back to bite Uber this year. Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside constitution firm, detected the hack and the failure to disclose, Uber said.

Here’s how the hacker went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then use login credentials they secured there to access data stored on an Amazon Web Services account that handled calculating tasks for the company. From there, the hackers discovered an archive of rider and motorist information. Afterwards, they emailed Uber ask questions money, according to the company.

A patchwork of state and federal statutes require a corporation to alert people and government agencies when sensitive data transgress pass. Uber said it was obligated to report the hacker of driver’s license information and failed to do so.

” At the time of the incident, we took immediate steps to secure the data and shut down farther unauthorized access by the individuals ,” Khosrowshahi said.” We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts .”

Uber has earned a reputation for flouting regulations in areas where it has operated because it founding in 2009. The U.S. has opened at least five criminal probes into possible bribes, illicit software, questionable pricing schemes and stealing of a competitor’s intellectual property rights, people familiar with the issues have said. The San Francisco-based company likewise faces dozens of civil suits.

U.K. regulators including the National Crime Agency are also looking into the scale of the transgres. London and other governments have previously taken steps toward banning the services offered, quoting what they say is reckless action by Uber.

In January 2016, the New York attorney general penalty Uber $ 20,000 for failing to promptly disclose an earlier data infringe in 2014. After last year’s cyberattack, the company was negotiating with the FTC on a privacy village even as it haggled with the hackers on containing such violate, Uber said. The corporation eventually agrees with the FTC settlement three months ago, without declaring wrongdoing and before telling the agency about last year’s attack.

The new CEO said his goal is to change Uber’s spaces. Uber said it notified New York’s us attorney general and the FTC about the October 2016 hacker for the first time on Tuesday. Khosrowshahi asked for the resignation of Sullivan and fired Craig Clark, a senior lawyer who reported to Sullivan. The humankinds didn’t immediately respond to requests for comment.

Khosrowshahi said in his emailed proclamation:” While I can’t erase the past, I can devote on behalf of every Uber employee that we will learn from our mistakes .”

The company said its investigation found that Salle Yoo, the outgoing manager legal officer who has been scrutinized for her responses to subject matters, hadn’t been told about the incident. Her substitution, Tony West, will start at Uber on Wednesday and has been briefed on the cyberattack.

Kalanick was ousted as CEO in June under pressure from investors, who said he set the company at legal danger. He remains on the board and lately filled two seats he controlled.

Uber said it has hired Matt Olsen, a former general counsel at the National Security Agency and administrator of the National Counterterrorism Center, as an adviser. He will help the company restructure security and safety squads. Uber hired Mandiant, a cybersecurity firm owned by FireEye Inc ., to analyse the hack.

The company plans to freeing a statement to clients saying it has considered” no evidence of fraud or misuse tied to the incident .” Uber said it will provide motorists whose permissions were compromised with free credit protection monitoring and identity theft protection.

Niantics follow-up to Pokmon Go will be a Harry Potter AR game launching in 2018

Niantic Labs had immense success with Pokemon Go, which paired their expertise in construct location-based augmented world mobile experiences with a top-flight IP with a ravenous follower base. So, it stands to reason that we should expect a similar fan have responded to Harry Potter: Wizards Unite, an AR title set to launch in 2018, co-developed by Warner Bros. Interactive and its brand-new sub brand Portkey Games.

Niantic building a Harry Potter play similar to Pokemon Go was rumoured last year, when the company was of the view that it had acquired the rights to the app. But the rumour was subsequently debunked, oddly enough, with the original article containing the information drew from the web.

The app is now official, but the details are still scarce, with the launching timeframe of just sometime next year, but it sounds like there will be significant influence from the Niantic game Ingress, which permits players to stray the real world accumulating power-ups, defending places and investigating their environment.

The mechanics of Ingress would actually translate pretty well to the fictional Harry Potter world, and seems almost ready-made for a fantasy spell casting hair of paint to supersede its science-fiction special forces veneer. Also, like Pokemon Go, it could benefit from the spot database building up by Ingress originally( and expanded by the Pokemon title) to incorporate real-world sites into the in-game experience.

Update : Here’s a link to the official proclamation for Harry Potter: Wizards Unite .

Read more: https :// techcrunch.com/ 2017/11/ 08/ niantics-follow-up-to-pokemon-go-will-be-a-harry-potter-ar-game-launching-in-2 018 /