Rideshare companies have revolutionized the way people get around big cities without a car. They are so convenient and affordable when compared to traditional taxi services.
Unfortunately, one of the leading ridesharing companies has been caught conducting some pretty shady practices. Now, Uber has exposed literally millions of users' critical data in a massive breach.
Uber confirmed that it has concealed a massive hack that affected 57 million customers.
Here's more about the Uber hack
Bloomberg reported that the company's former chief executive knew about the breach over the year ago. Only now, do we hear news of this massive data breach from Uber. Why is that? We'll address that another time. The 2016 data breach was hidden by the company.
But get this:
Uber actually paid hackers $100,000 to delete the data. Really?
"Here's a hundred grand you hackers and you promise to delete all the records, right? Pinky swear!"
According to Uber, the hackers stole 57 million names, email addresses, and mobile phone numbers including names and license details of around 600,000 drivers.
It appears that location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth have not been exposed. But who knows. You have to assume that the hackers have it all.
According to Uber's official statement, its drivers have always been offered free credit monitoring protection but affected customers will not be afforded the same. Uber believes that individual riders do not need to take any action but it still advises its customers to regularly monitor their credit and accounts, including their Uber account for any issues.
"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection," Uber's chief executive Dara Khosrowshahi said.
"You may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it," Khosrowshahi continued.
This is still a developing story and we'll update it as more details emerge.
Any time there is a massive data breach there are safety steps that you should take.
Keep an eye on your accounts
You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when there is a massive data breach. If you see anything that seems strange, report it immediately. It's the best way to keep your financial accounts safe.
Set up two-factor authentication
Note: Uber does not offer two-factor authentication.
Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. This is an extra layer of security that will help keep your accounts safe. Click here to learn how to set up two-factor authentication.
Although Uber doesn't offer it, it adds another layer of protection against the inevitable credential reuse attacks on your other accounts.
Whenever you hear news of a data breach, it's a good idea to change your account passwords. This is especially true if you use the same credentials for multiple websites. If your credentials are stolen from a breach, criminals can test them on other sites to log into those accounts as well. Read this article to help you create hack-proof passwords.
Beware of other scams
Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. You need to familiarize yourself with what phishing scams look like so you can avoid falling victim to one. Take our phishing IQ test to see if you can spot a fake email.