back to article Uber: Hackers stole 57m passengers, drivers' info. We also bribed the thieves $100k to STFU

Uber's CEO Dara Khosrowshahi today revealed hackers broke into the ride-hailing app's databases and stole personal information on 57 million passengers and drivers – information including names, email addresses, and phone numbers. And the cyber-thieves made off with 600,000 US driver records that included their license numbers …

  1. JohnFen Silver badge
    FAIL

    Rotten to the core

    Uber has been operating as a criminal enterprise for years, so this revelation is hardly shocking. In my opinion, criminality is so baked into the Uber culture that the first thing required to begin to change it is a complete replacement of the the board of directors and all of upper management. The rot has been there for so long, and is so deep, that it's hard to see how real change is possible without that.

  2. veti Silver badge

    Re: Rotten to the core

    And they've got a new CEO, and he's firing C-level people in an effort to clean house.

    Look, I despise Uber as much as the next person. I still take taxis. But for pete's sake, if the company is trying to clean up its act, at least give it credit for what it does.

    Otherwise it'll have no incentive to change its ways, because it gets condemned either way.

  3. Anonymous Coward
    Anonymous Coward

    'at least give it credit for what it does.'

    Fuck Uber.... Annihilation of all competition while ripping everyone's privacy to sheds is their sole and only goal!

    ~~~

    https://www.nakedcapitalism.com/2016/12/can-uber-ever-deliver-part-four-understanding-that-unregulated-monopoly-was-always-ubers-central-objective.html

    ~~~

    https://www.theregister.co.uk/2017/08/15/uber_ftc_settlement/

    https://www.theregister.co.uk/2014/11/20/senator_franken_uber_privacy_probe/

    https://www.theregister.co.uk/2017/04/24/uber_cloaked_its_spying_but_apple_gave_it_a_wrist_slap/

    https://www.wired.com/insights/2015/01/uber-privacy-woes-cautionary-tale/

    http://www.firstpost.com/business/android-phone-ubers-new-privacy-policy-will-spook-2269042.html

    https://www.theregister.co.uk/2015/06/22/epic_uber_ftc/

  4. Charlie Clark Silver badge

    Re: Rotten to the core

    Otherwise it'll have no incentive to change its ways, because it gets condemned either way.

    What is the purpose of Uber the company if not to screw other people?

  5. Ledswinger Silver badge

    Re: Rotten to the core

    complete replacement of the the board of directors and all of upper management

    Would that be enough? All the mid level managers and even employees have operated in the shadow of the crooks, gropers and idiots. You can have organisations where only the management are corrupt (I've worked for some), but I'd imagine that the "Uber way" has been baked in from its days as a start up. As much as anything else, there's been so much dirt that Uber has kicked over itself, and yet the current employees have acquiesced, and continued to work there. What does that tell us?

    IMHO the only solution is to close down Uber as a corporation, and sell the IP to somebody willing to start the business from scratch, using the same platform and consumer offer, but with 100% different people. But I can't see that happening.

  6. israel_hands

    Re: Rotten to the core

    The problem runs deeper than just he amoral dipshits running it though. The entire business model is fucked from the start, something rotten and diseased that can only exist by feeding billions into the cash furnace at its heart while trying to hide itself in the cracks between laws and regulations.

    They lose something like 40% on every fare, they don't employ people properly and have been found guilty of dicking them over on even the amounts they do pay them. They avoid almost all taxes, don't put anything back into the system in terms of providing standard benefits for the drivers they claim not to employ. Changing the names of the bellends in charge won't fix any of that, and if they do start operating as an actual company, paying taxes and abiding by regulations they'll lose even more money than they are now.

  7. Peter2 Silver badge

    Re: Rotten to the core

    I wouldn't say it's totally fucked as a business model. If it manages to force the taxi companies paying taxes and properly employing their drivers out of business, then Uber becomes a total monopoly and can then jack prices up to take advantage of being a monopoly.

    It's certainly rotton and diseased as a company and business model. The biggest surprise is that the people who usually claim to be for protecting the oppressed via worker protections and rules and regulations are actually the biggest supporters of Uber and are loudly agitating to prevent governments from taking action to protect companies playing by the rules.

  8. nematoad Silver badge
    Unhappy

    Re: Rotten to the core

    "...and yet the current employees have acquiesced, and continued to work there. What does that tell us?"

    That these people need a wage to put food on the table, pay the mortgage etc.

    Do you really hate Uber so much that you want to punish everyone connected with this rotten organisation? That's unjust and unfair. Like every human organisation there will be good people and bad people working there. It's just that in this instance most of the bad sorts seem to have risen to the top.

  9. Just Enough

    Re: Rotten to the core

    You still don't understand. Uber is a self appointed "disruptive innovator". That means all the old boring laws and regulations don't apply to it. Stop trying to cramp its innovations! Laws are for squares and corporate suits! Get with the revolution!

  10. Anonymous Coward
    Anonymous Coward

    Re: Rotten to the core

    Do you really hate Uber so much that you want to punish everyone connected with this rotten organisation?

    Yes and Why Not? Is the total destruction of the little people to get at the One Bad Guy at The Top not the holy principle applied to every "regime change" and "humanitarian intervention" since forever!? Why should we treat someone like Uber differently from everyone else we don't like the leadership of?

    PS:

    The minions still get "food on the table" after Uber is a smoking hole in the ground, only, they have to apply for welfare first!

  11. The Man Who Fell To Earth Silver badge
    FAIL

    Re: Rotten to the core

    Uber & the VC's behind it should be prosecuted under RICO.

  12. Warm Braw Silver badge

    Re: Rotten to the core

    These people need a wage to put food on the table, pay the mortgage etc

    At what income does the argument "the ends justify the means" become invalid?

  13. JohnFen Silver badge

    Re: Rotten to the core

    " Like every human organisation there will be good people and bad people working there."

    True, but this isn't an example of some "bad people". This is a bad company, designed to be such from day 1. There comes a point at which good people have to stop ignoring that they're working for such a company and leave it. With Uber, that point was years ago. I really question whether those who stick with the company can be considered "good people" as an absolute term. Not to say they're bad people -- but they are ethically compromised.

  14. unwarranted triumphalism Bronze badge

    Re: Rotten to the core

    You lot refuse to put your own house in order; we need competition.

    Start by cleaning up your own act.

  15. Voyna i Mor Silver badge

    Re: Rotten to the core

    "What is the purpose of Uber the company if not to screw other people?"

    The transfer of wealth from poorer people to richer people. Trickle up economics, in fact.

    Poor people getting screwed is incidental. In fact, I doubt it ever occurred to the founders because, for entitled bros, poor people don't really exist until you want the trash taken out. Or cheap drivers.

  16. The Nazz Silver badge

    Re: Rotten to the core

    I've often said that the executives and directors of firms acting this way should suffer criminal sanctions/prosecutions. Even more so when one of the main culprits, Joe Sullivan, is an ex federal prosecutor.

    So that's two life terms for him.

  17. Eddy Ito Silver badge

    Re: Rotten to the core

    I wouldn't say it's totally fucked as a business model. If it manages to force the taxi companies paying taxes and properly employing their drivers out of business, then Uber becomes a total monopoly and can then jack prices up to take advantage of being a monopoly.

    That's a crappy business model. Forcing taxi companies out of business by hemorrhaging vast sums of cash is pretty stupid and not sustainable. One might think that once they have a monopoly they could raise their fees but they have already slit their own throats. The only reason taxi companies had a monopoly was because of "the rules" and government limiting who could enter the market space by use of the ever precious medallions. Once that government repression is eliminated and the market is wide open and anyone with a car and an app can then enter the market and compete, like Lyft, there can be no monopoly. Monopolies really only thrive when they have government backing which is also why the phone company was a monopoly for such a long time.

    Uber's main problem has been that it has been so Machiavellian in how it goes about trying to undercut laws and hinder competitors that it mostly forgot about what the original goal was. It went from providing a service to blindly adopting win at all costs tactics that are ultimately self destructive as we've witnessed in these first stages of collapse. At this point it really needs a hard reboot with a refreshed business plan and a lot of chlorine to sanitize the corporate culture. The question is whether they will succeed in turning it around before investors decide to cut their losses and likewise the flow of cash currently running into the furnace.

  18. JohnFen Silver badge

    Re: Rotten to the core

    "And they've got a new CEO, and he's firing C-level people in an effort to clean house."

    Neither of which amount to a new board and upper management. I understand that the CEO says he's trying to clean house, and if that's true, then I applaud the effort. However, I don't see how that means that the company should escape criticism, and I don't see how that means the company should be viewed with any less skepticism than before.

    If/when Uber manages to become at least a minimally ethical company, I'll praise them for it. But not before.

  19. DanceMan

    Re: The biggest surprise is that the people who usually claim

    "The biggest surprise is that the people who usually claim to be for protecting the oppressed via worker protections and rules and regulations are actually the biggest supporters of Uber"

    In BC the Green Party leader has been actively agitating for the gov't to allow Uber. Sensibly, the new NDP gov't has been delaying a decision. One can hope.

  20. Mark 85 Silver badge

    Re: Rotten to the core

    In my opinion, criminality is so baked into the Uber culture that the first thing required to begin to change it is a complete replacement of the the board of directors and all of upper management.

    Possibly it should go further down the chain. There's the "shadow of the leader" thing that spreads over time. Seems to be corrupt all the way from the Board to the drives of late.

  21. Hans 1 Silver badge

    Re: Rotten to the core

    That these people need a wage to put food on the table, pay the mortgage etc.

    We all choose where we work, nobody comes along with a M16 shouting "Sign THAT", they don't threaten your family if you don't obey.

    Uber are scum and anybody still working there "deserves" what is to come. There are plenty of much better places to work for and it does not look like there is a shortage of job positions of various types.

    I do feel sorry for the non-employees, though, who work their balls off 24/7 for peanuts driving people around and being ripped off by scum, however, pretty sure there is a market for a competitor ... Uber has really blackened its name ...

  22. Charles 9 Silver badge

    Re: Rotten to the core

    "We all choose where we work, nobody comes along with a M16 shouting "Sign THAT", they don't threaten your family if you don't obey."

    No, they put price tags and taxes on everything, and no one else is willing to hire you. Ethics start going out the window when you can't put food on the table. Desperation is one of the greatest motivators for turning to crime.

  23. redpawn Silver badge

    Inside Job?

    Assurances from data thieves accepted?

  24. macjules Silver badge

    Re: Inside Job?

    Wondered about that as well.

    At the time of the incident, we took immediate steps to secure ..

    That's CEO-speak for "we secured the stable door after the horse had bolted".

  25. Adam 52 Silver badge

    Re: Inside Job?

    Why not? If you know who they are and have the ability to bring charges resulting in serious prison time if they renege on the deal it seems a fairly secure arrangement.

    This happens all the time. Muppet commits keys to github, three random people get them, one of those three uses them. Corporate security/legal team contacts that person and asks them to delete what they've found. Usually it's just someone being curious and they're happy to, or already have.

    If that person's a bit more ruthless and wants to gouge you for money, well it's probably worth it. Just paying the lawyers and CEO and all the PR people will cost more than Uber paid. It's a far cry from paying up to an anonymous ransomware author using Bitcoin.

  26. Anonymous Coward
    Anonymous Coward

    Re: Inside Job?

    They made a pinky promise to delete the data and of course thievery is such an honourable profession that they can be trusted.

  27. Anonymous Coward
    Anonymous Coward

    Re: Inside Job?

    Just shoot the horse.

  28. Sir Runcible Spoon Silver badge
    Devil

    Devils Advocate

    Out if curiosity, if Uber has published the breach and the miscreants had sold the data, how would the resulting situation be better for those people whose details were exposed?

  29. fajensen Silver badge

    Re: Devils Advocate

    The situation is that their details are still exposed and that the thieves now have 100 kUSD also.

  30. Sir Runcible Spoon Silver badge

    Re: Devils Advocate

    The details are still *at risk* of exposure, sure - but are they actually out of the box?

  31. Adam 52 Silver badge

    thieves

    The implication that there's any I'll intent, which is causing people to use the word "thieves" is entirely a fabrication of El Reg. It's not in Uber's statement.

  32. JohnFen Silver badge

    Re: Devils Advocate

    " but are they actually out of the box?"

    By definition, yes. The data is in the hands of people it should not be in the hands of.

  33. Sir Runcible Spoon Silver badge

    Re: Devils Advocate

    By definition, yes. The data is in the hands of people it should not be in the hands of.

    I understand what you are saying, just as I think you understand what I'm driving at, so could you lay off the pedantry for a moment and consider the actual question?

    Yes, the data is theoretically still in the hands of the miscreants as there is no way to be certain they deleted it. However, there is also no data to suggest the purloined information is available to anyone else *other* than them (i.e. it hasn't been sold on the black market that we know of).

    So, to re-iterate the question: If Uber hadn't paid them off and the miscreants had sold the info on to other nefarious individuals to exploit, how much better/worse off would those affected be?

    And if anyone pedants on that I'll just give you up for a bunch of gummy-bear brains :P

  34. Ledswinger Silver badge

    Re: Devils Advocate

    By definition, yes. The data is in the hands of people it should not be in the hands of.

    Yes - Uber.

    I suppose they haven't been involved in genocide, but it is getting to the point where you have to ask what laws they haven't broken.

  35. JohnFen Silver badge

    Re: Devils Advocate

    "s I think you understand what I'm driving at"

    I wasn't trying to be pedantic. I think I simply don't understand what you were driving at. Are you suggesting that as long as the data isn't passed along to even more criminals, then all is OK? Because that's really what it sounds like.

    To answer your question -- obviously, the more criminals who possess the data, the worse everybody is (up to a point, anyway). The point I raise is one of relevance. The data is already in the hands of criminals, so everybody is already harmed. If we assume the data stays just in the hands of the criminals who stole it (and there is literally zero reason to assume that, but let's just say for the sake of argument), the damage is still done.

  36. Sir Runcible Spoon Silver badge

    Re: Devils Advocate

    I'm not suggesting that there is no harm that criminals have possession of this data, I'm suggesting that it would be worse if the information were actually being used to harm those people who are in the dataset.

    From a moral point of view, Uber have failed totally here, but from a practical point of view they may have actually done the best thing under the circumstances. That's kind of what I was getting at.

    Like most things, it isn't always cut and dried as most people seem prepared to sacrifice principles for the sake of expediency.

  37. Anonymous Coward
    Anonymous Coward

    Wonder if it might be late enough and in the spirit of El Reg irreverence to misappropriate SS ranks for these individuals....

    Copy might read then something like....

    "Uberst Gruppen Fuhrer Dara Khosrowshahi today revealed hackers broke into the ride-hailing app's databases....."

    and

    "Uber Sturm Bann Fuhrer Joe Sullivan ordered that the crooks be paid off, the stolen files erased......"

    ...Godwin's Law is only breached if bring up the Bohemian Corporal and there's an outside chance they might actually be offended.

  38. Michael Thibault Bronze badge

    Uberst Gruppen Fuhrer Anonymous Coward, you seem peculiarly well-informed about these ranks... Won't you step into the office? We'd like to have a little chat with you. Off the record, of course.

  39. MJB7

    Re: SS ranks

    Aaargh! What's with all the random spaces and capital letters in the middle of perfectly good German words: "Oberstgruppenführer" and "Ubersturmbannführer" (or if you can't do umlauts, at least "Oberstgruppenfuehrer" and "Ubersturmbannfuehrer")

  40. Anonymous Coward
    Anonymous Coward

    >you seem peculiarly well-informed about these ranks

    Apparently not since it appears I spelt them incorrectly - it's probably that MJB7 chap you should be worrying about - he does the umlauts and everything.

  41. Commswonk Silver badge

    ...it's probably that MJB7 chap you should be worrying about - he does the umlauts and everything.

    For your future reference ü is Alt0252, or it is with Windows anyway.

    As any fule kno.

  42. stephanh Silver badge

    Some points I'd like to make

    1. There was never an SS rank Übersturmbahnführer, with or without umlauts. It's all Ober-whatever, "Ober" meaning "Senior" in this context.

    2. If that was an intended part of the joke, I obviously didn't get it.

    3. There was, however, a book on the topic of the "Übermensch", namely "Also sprach Zarathustra".

    4. It was popular in some Nazi circles.

    5. Although actually *reading* it was a bit too much for the average Nazi thug.

    6. The book is mostly not about taxi driving.

    7. Although there is some stuff about camels in there.

  43. graeme leggett Silver badge

    Re: SS ranks

    Shouldn't it be in italics as well ?

    Bitte schon

  44. David Nash Silver badge

    Re: Some points I'd like to make

    2. Of course it was part of the joke. It's a story about Uber (no umlaut).

  45. Anonymous Coward
    Anonymous Coward

    Re: Some points I'd like to make

    >There was, however, a book on the topic of the "Übermensch", namely "Also sprach Zarathustra".

    To be honest you're not selling it all that well - any relation to that amazing Deodato track which was shamelessly ripped off by Sträüss for his 2001 soundtrack?

  46. Solmyr ibn Wali Barad

    Re: SS ranks

    Jawohl, Herr Oberhurenjägerführer!

  47. Michael Thibault Bronze badge

    Re: SS ranks

    I wondered about there being no words with camel-case, so just did a copy-pasta. I've returned to raid the pantry and, fortunately, there's new intelligence. Thanks for the tips MJ.

  48. Anonymous Coward
    Anonymous Coward

    'the intruders accessed cloud-hosted data stores'

    Welcome to CloudFog - Cyberpunk - Cyberwar 101 - First Edition!

    Now tell that to shareholders who let corporations migrate to Cloud.

  49. Anonymous Coward
    Anonymous Coward

    Re: Now tell that to shareholders who let corporations migrate to Cloud.

    It's true. No locally stored data has ever been compromised, just cloud stuff. How could people be so stupid as to think that a global corporation could manage a data centre better than my mate Terry does ours?

  50. Pen-y-gors Silver badge

    Re: 'the intruders accessed cloud-hosted data stores'

    The incident did not breach our corporate systems or infrastructure.

    Yes it did - regardless of whether you store data on a USB stick, a networked server or in the cloud, they're all part of your corporate systems and infrastructure!

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018