Back to blog

Hacking Horror Stories Vol.3 – Uber Data Breach

Oct 25, 2018 by Becci Velzian

In the lead up to Halloween we’ve decided to take our Hacking Horror Stories up a whole new level and resurrect some terrifying tales of security breaches and their repercussions!

With the proliferation of technology and the increasing consumer prerequisite for instant services at their fingertips, the simple and convenient Uber app now services 75 million riders around the world. The San Franciscan taxi app has since completed 4 billion trips worldwide in 600+ cities.


Even though the company is loved by many for its unbeatable efficiency, it hasn’t had the easiest ride over the years. Uber has been subject to fire-blazing riots in protest against the firm’s cheaper rates undercutting the market subsequently meaning a loss of jobs for traditional taxi drivers.

Uber: The Data Breach

The one-tap taxi firm has also experienced two major data breaches over the years. Its first encounter with hackers was in May 2014 where the data of 50,000 drivers had been breached including their driving licenses, names and emails. Although this wasn’t overly detrimental as no bank details had been acquired, this still didn’t look great on the companies’ security efforts. What was more shocking was that the breach hadn’t been discovered until September 2014, meaning the hackers had access to their databases for 6 whole months.

Uber: The Return of the Data Breach 2016

After a very public and disastrous data breach in 2014, you would have thought the taxi app would have gone the extra mile to prevent this from happening again. But instead, they added more fuel to their fire and were breached for the second time.

According to Bloomberg who initially wrote about the data breach, Uber experienced its second crash in cyber security because two hackers were able to log in with passwords they had obtained on a private GitHub coding site used by the Uber software engineers. They then logged in to Uber’s Amazon Web Services account, where they found an archive of 57 million customers data including both rider and driver information.

Consequently, the taxi app drove itself into a vast security breach case. The hackers blackmailed Uber and asked them for a settlement of $100,000 in return for their silence and deletion of files, which Uber CSO Joe Sullivan and ex-CEO Travis Kalanick obviously paid. I imagine they did this out of fear of history repeating itself, to avoid job losses, and protect them against some hefty lawsuits, to name just a few of the many typical repercussions businesses face after a data breach. Unsurprisingly, ex-CEO Kalanick resigned after the breach and a series of additional scandals.

Uber proceeded to conceal the data breach for over a year, until new CEO Dara Khosrowshahi came forward about the breach and the poor handling of the situation. The Uber CSO Joe Sullivan and another senior executive were immediately fired for the gross negligence of the situation. Uber are now being sued $148 million for the data breach cover up by its riders, drivers and cities.

This Uber data breach really drove its customers up the wall, not once but twice…


How to Avoid a Data Breach

Both breach scenarios could have been avoided. Despite being a significant and strong threat to any business, any and all breaches are fundamentally avoidable, and the risk of attack can be minimised through good security practice, robust protection technologies, and increased visibility across your environment, enabling you to detect threat vectors or patterns of account abuse.  if Uber’s IT admin had correctly monitored their environment for unknown logins, conducted regular audits and set up the correct alerts on activity, they would have been more likely to correctly identify that employee accounts were being abused. With the Office 365 security and auditing capabilities available in our SaaS application Radar Reporting you can see precisely what’s happening in your tenant. Drill down into specific user actions, date ranges, or suspicious activity with advanced filtering, alerting and timeline features. Radar Reporting simplifies and demystifies the complex mass of audit data produced by Office 365, transforming it into something that can be searched, reviewed, and investigated quickly and easily. The benefit of this is that you can be proactive and preventative in your approach to security, enabling you to stay one step ahead when identifying the scope and impact of data breaches.

In addition to the security and audit features, you have access to 100+ highly customisable reports which enable you to not only protect your data, but also drive service adoption, support the management of passwords, optimize spend on licensing, and review SharePoint online permissions and mailbox security. For example, you can see below that Radar Reporting fully itemises this information on your dashboard, so it’s hard to miss incidents like Ubers.

If you want to see how advanced Office 365 security reporting and analytics can help you better understand and protect your environment, why not explore our live demo, or sign up for a free 14-day trial?