Uber: No evidence hackers took rider credit card numbers

DETROIT — An outside cyber security firm hired by Uber after a massive data theft found no evidence that rider credit card, bank account or Social Security numbers were downloaded by two hackers, the company said in a response to demands for information from U.S. senators.

But the ride-hailing company disclosed that in some cases, the hackers got location information from the place where people signed up for Uber, as well as heavily encoded versions of user passwords.

On Nov. 21, Uber disclosed that names, email addresses and mobile-phone numbers of 57 million drivers and riders had been stolen. In a letter to four Republican senators led by Commerce committee Chairman John Thune of South Dakota, the company says that Mandiant, the security firm, found 32 million of those are outside the U.S. and 25 million are inside. Of the total, 7.7 million are drivers, mostly in the U.S., and hackers got driver's license numbers for 600,000 of them, according to the letter from new Uber CEO Dara Khosrowshahi.

The ride-hailing company also said it has not seen evidence of fraud or misuse of data taken in the breach, which lasted more than a year before being disclosed. Two employees were fired for not disclosing the theft to "appropriate parties," the letter said.

The hackers emailed Uber's U.S. security team anonymously on Nov. 14, 2016 telling them about the breach and demanding a payment. Uber tracked down the breach in private cloud data stored on Amazon's web services and shut down access, which came through a "compromised credential," the letter said.

The security team agreed to pay $100,000 to the hackers for an agreement to delete the data, and later tracked down the hackers' real names. Both signed documents assuring that the stolen data was destroyed, Khosrowshahi wrote. Team members found that the hackers first gained access on Oct. 13, 2016, and there was no further access after Nov. 15, 2016, the letter said.

Uber notified the U.S. Attorney's offices in San Francisco and Manhattan, as well as other government agencies, on Nov. 21 of this year, but it's not clear whether any criminal investigation has been started. Neither office confirmed nor denied an investigation.

Uber installed additional protections to stop hackers, including a two-step authentication for one of the services that was hacked, the letter said.

Related News

4 malnourished Hawaiian monk seals taken to...

Aug 25, 2016

Biologists say four malnourished Hawaiian monk seals have been taken from remote atolls to a Big...

SpaceX Dragon returns to Earth with station...

Aug 26, 2016

A SpaceX Dragon capsule is back on Earth with scientific gifts from the International Space Station

Obama creates world's largest marine protected...

Aug 26, 2016

President Barack Obama will quadruple in size a marine national monument created by President...

State: Benghazi emails involving Clinton...

Aug 30, 2016

The State Department says about 30 emails that may be related to the 2012 attack on U.S. compounds...

Google to expand Waze carpooling service in San...

Aug 30, 2016

Google is set to expand a San Francisco carpooling program that could morph into a showdown with...

Rare whale's recovery hurt by entanglements,...

Aug 31, 2016

Scientists say the ability of an endangered species of Atlantic whale to recover is jeopardized by...

Peaple also read these

State: Benghazi emails involving Clinton...

Aug 30, 2016

The State Department says about 30 emails that may be related to the 2012 attack on U.S. compounds...

Rare whale's recovery hurt by entanglements,...

Aug 31, 2016

Scientists say the ability of an endangered species of Atlantic whale to recover is jeopardized by...

Future climate change field test doesn't make...

Sep 5, 2016

For 17 years with experiments on more than 1 million plants, scientists put future global warming...

Apple is shifting the focus of its secret car...

Sep 10, 2016

Apple may not become an automaker, but it still wants to develop its own self-driving technology

Professors locked out of classrooms over labor...

Sep 14, 2016

A private university in New York City has locked out hundreds of professors as part of a labor...