Hackers plundered the personal information of 57 million Uber customers and drivers — however company lined up the breach for a year, paying the pirates to keep quiet instead, according to a new report.
Names, email addresses and phone numbers for 50 million riders and information from 7 million drivers were exposed in the October 2016 hack — and the company learned about it a month later, Bloomberg reports.
But instead of reporting the breach to regulators or victims, the company acquiesced to the hackers’ demands for $100,000 to delete the data, according to the report.
Uber officials now admit the company should’ve come clean at the time.
“None of this should have happened, and i will not make excuses for it,” ceo Dara Khosrowshahi told Bloomberg. “We square measure changing the way we do business.”
The hack wasn’t sophisticated — the digital thieves broke into the accounts of 2 Uber engineers on the coding site Github, where they found the passwords to some online data storage that contained the personal information, according to the report.
The thieves then contacted Uber to demand the money.
This isn’t the first time the company has been hacked — or failed to report it. Uber agreed to a $20,000 settlement with new york attorney General Eric Schneiderman last year after it took several months to own up to a data breach.