Uber reveals a year-old massive data breach

Uber's Massive Data Breach

Nowadays, cyber-attacks have become a common phenomenon of daily life. From individual users to business tycoons and tech giants, all are threatened and affected by them. Last month, on 21st November 2017, we all came across the horrifying news of Uber's disclosure of a massive data breach that occurred last year. As acknowledged by Uber's CEO Dara Khosrowshahi in his blog, limited personal information of around 57 million Uber customers and 6,00,000 drivers was stolen and compromised. However, he also assured that none of the users' financial data, such as bank account details and credit/debit card details, nor trip location history or social security numbers, was accessed or downloaded by the attackers. The hackers managed to steal only limited details such as names, e-mail IDs and phone numbers.

Further, Dara Khosrowshahi disclosed that two hackers from outside the organization were behind the theft of data from Uber's then third-party server, namely an Amazon Web Services cloud server, using stolen credentials.

It is pertinent to mention that this massive data breach occurred last year, in the month of October, when Travis Kalanick, the then CEO of Uber, was leading the company. Travis Kalanick, along with two other security personnel, was aware of the data breach and managed to hide it during his tenure, until the new CEO Dara Khosrowshahi took over the position and decided to reveal the truth.

This data breach could have been seen as just another cyber-attack incident, but it turned into a scandal when it was revealed that the company paid $1 million as ransom to the hackers to delete the stolen records and dispose of the incident. Instead of informing its customers about the breach and directing them to reset or modify their credentials/passwords as soon as possible, the company decided to keep mum and preferred to conceal and cover up the data breach by paying the hackers.

Like Uber, Yahoo and some other reputed names have taken more than a year to reveal information about data breaches and thefts. It is obvious that the revelation of such incidents may impact their market and global value, but fooling their users and playing with their customers' belief and faith is not at all acceptable.


In our earlier posts too, we have consistently focused on improving password-based authentication and security, and on using 2FA, as passwords are no longer reliable and secure. If you are not secured with 2FA, then you could be the next target of hackers/attackers. Leveraging two-factor authentication may seem to be the best possible solution to free yourself from the worries and epidemic of these rising cyber-attacks and data thefts.