Friday, 24 November 2017

Data Breach and Cover-Up Further Eroding Uber Image

Ride-hailing pioneer Uber has recently suffered a serious blow to its reputation after officials in London failed to renew the company's operating licence following a discovery that illegal software was being used to circumvent official policy that bars government workers from using the service. In short, Uber has been accused by London of cheating the system. Their reputation will not fare any better on recent news that tens of millions of customers and drivers have been hacked – and the company has known about it for more than a year.

The BBC and other news outlets report that some 57 million Uber customers and drivers are victims of a data breach that occurred back in 2016. Not only did the company know about the breach at the time, but they also failed to report the fact to regulators as is required by law. Making matters worse is the fact that Uber paid the hackers $100,000 (£75,000) to delete the data they stole.

Both law and common sense would dictate that Uber report the breach when first discovered. They probably also should not have paid the ransom without making at least some attempt to fight the hackers. Why they paid and chose not to tell regulators is anyone's guess.

A Series of Missteps


This latest episode with Uber is just another in a long list of mishaps over the last three or four years. Former chief executive Travis Kalanick deserves much of the blame, as his management style and Lone Ranger mentality have upset customers, employees and investors alike.

Kalanick was at the helm when the data breach occurred. The BBC speculates that he may have prevented chief security officer Joe Sullivan or anyone else from reporting it because the company, at that time, was trying to secure a new round of funding. For his part, Sullivan resigned when news of the data breach broke.

Bigger Issues in Play


The BBC's Dave Lee says the biggest part of the problem is not the data breach itself, but the cover-up allegedly orchestrated by Kalanick. He says that most customers and drivers would eventually have forgiven Uber if they had been up front and forthright about what happened. Now that we know they refused to do so, forgiveness and future trust may be harder to come by.

All the Uber-specific implications aside, there are some bigger issues in play here. Most important is how the hackers managed to steal the information. They did it by hacking into GitHub, an online portal where software developers publish and share their work. Once inside, the hackers were able to find Uber's login credentials to Amazon Web Services. This is the cloud computing service Uber uses to host its software – and data.

GitHub and Amazon Web Services are equally culpable here. If either one knew about the hack when it occurred, neither reported it. Moreover, Amazon Web Services accounts for a significant portion of cloud software solutions used across the globe. They have some answering to do as well.
