Somewhere in Cali HQ in 2016:
"That looks odd..."
"Ummmm.... Bugger! Emergency Release!"
.... a year later
"Patch issued, post incident analysis complete, let's tell people about it."
"About what? I'm busy with this flying car concept mock-up"
Uber has finally come up with a figure for the number of UK-based riders and drivers affected by its massive data breach: 2.7 million. The taxi hire firm has been slammed by regulators around the world for keeping the hack, which happened in October 2016, quiet for the best part of a year. To make matters worse, when it …
Given email address and phone number then plenty of scope for well targeted phishing as wrongdoers can also send SMS as "proof" they are whatever org you have given phone number and email address to (obvious phish to fry would be FB, Gmail (if gmail address) etc.
Especially with a lot of orgs pushing towards 2FA & people used to getting a text with 2FA code & emails with link to enter taht code to log in.
Many countries have Data security breach laws in place that require companies to notify customers ( small window of time ) of a data breach that has compromised PII data. UBER just does what the hell it wants because its run by a bunch frat boys. One reason why you guys a kicking there ass out of London right?
Given the amount of time Uber have been sitting on this, you wonder what their security people have been doing in the mean time.
Oh, hang on...
Which, along with their decision to pay off the hackers, does make you wonder about their relationship with the black hats. And, indeed, whether any other information was leaked that perhaps Uber wouldn't want to admit to having in their possession. Though in view of the impeccable integrity of the company's staff from the board room down, I'm surely just being paranoid.
Given Uber's reluctance to come completely clean on this one has to think very carefully about there being any possible motive to slow-down the release of the information that everyone needs to know.
So, is this delay as result of Uber being just an incompetent outfit that's mined/stolen more data than it can handle? Or, is this a tactical delay because there is more to this than they've currently fessed up to? Is the number bigger? Is the stolen data potentially more damaging?
Since they've been busted for so many transgressions (with more issues yet to even get into court yet) do you actually believe anything they say?
I'd be really interested in hearing about Reg readers that still have the app installed and are still using them and the reason why. Lets breakout (more) popcorn!
Easy: Boycott - stop using uber. Permanently.
This company has a history of: bad employer behaviour, lack of proper treatment for employees ('workers'), not reporting serious sexual offences to police, sexual harassment within the uber offices, lack of reporting sexual reports/offences by drivers to the council and/or police.
Why would you continue to contribute to their funds? Don't be a user of uber. Don't be an investor of uber. The fact they have lost hundreds of millions of dollars *per year* is enough to tell you they are trying to eradicate local taxi competition through any means possible. They are amongst the most immoral tech-companies in existence.
You can't buy shares in it directly as it is owned privately, however you can buy shares in some of their shareholders:
Alibaba (New York)
Tencent (Hong Kong)
Rakuten (Tokyo)
Softbank (Tokyo, they also have a holding in Über)
General Motors (New York)