Uber has revealed that it suffered a massive data breach in 2016 that affected 57 million people, an incident that the company concealed by paying the hackers $100,000, Uber wrote on its blog Tuesday.
Dara Khosrowshahi, who was named CEO in August following the departure of founder Travis Kalanick, wrote that he had only recently learned of the breach, which exposed the data of both users and drivers. The post shared that stolen information was mostly limited to names, email addresses, and phone numbers, although the driver's license numbers of 600,000 drivers in the United States were also compromised.
Khosrowshahi wrote that two hackers through a third-party cloud-based service used by Uber and that when the breach was discovered, the company's security team was able to prevent further access by the hackers.
"We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed," the post read. "We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts."
While the blog post does not mention Uber paying the hackers, the company confirmed to NBC News that the hackers were paid $100,000 as a result of the breach. Uber has fired its chief security officer, Joe Sullivan, and his deputy due to their role in the handling of the incident.
"None of this should have happened, and I will not make excuses for it," Khosrowshahi wrote. "While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."
Photo Credit: Twitter / @Uber