Uber Paid Hackers $100,000, or £75,000, to Delete Stolen Data on 57M People

Back in 2016, taxi service provider Uber suffered a massive data breach that exposed the personal information of nearly 50 million passengers and 7 million taxi drivers, as the company has confirmed.

However, reports say that it paid the hacking group $100,000 to delete the millions of records they stole at that time.

According to the latest news reported by RT.com, Uber paid the hacking group to delete the information stolen from its millions of drivers and passengers. The popular alternative taxi service provider spent almost $100,000 to settle with the hackers last year.

Uber reportedly asked the hackers to keep the data breach secret.

To make sure that the company does not lose the trust of its passengers and drivers, Dara Khosrowshahi confirmed the 2016 hack on Tuesday. The company wants to show transparency and honesty to the public about the data breach.

“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” said Dara, as quoted in the report.

Khosrowshahi is the new Chief Executive Officer (CEO) of Uber Technologies Inc.

According to information published by Bloomberg, the company spent about $100,000 to settle with the two hackers, on the agreement that they would delete the stolen personal data, such as email addresses, names, mobile phone numbers and an estimated 600,000 driver’s license numbers.

In connection with this, the company decided to fire Joe Sullivan this week because of his involvement in the massive data breach last year, which occurred in October 2016, the Bloomberg report added.

Joe Sullivan is the company’s former Chief Security Officer, and the incident has seriously affected his reputation.

To make sure the affected passengers and drivers are aware of the situation, Uber provided them with individual resource pages offering free credit monitoring as well as protection against identity theft, as detailed in the online reports. The alternative taxi provider said, however, that location history, dates of birth, credit card numbers, bank accounts and Social Security numbers of the affected individuals were not part of the data breach.

“The incident did not breach our corporate systems or infrastructure,” said the new CEO of the company.

“Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded,” he continued.

Uber likewise stated through Khosrowshahi that at least two people were responsible for the massive hacking of the personal data. The company has already terminated them; one is former Chief Security Officer Joe Sullivan, as detailed above, and the other is a deputy of Sullivan.

According to express.co.uk, Uber’s former security officer decided to hide the incident in an effort to avoid the security and privacy scrutiny that it might bring on the company. The incident occurred during discussions with United States regulators who were investigating the mishandling of the personal data of the affected passengers and riders.

The investigation started last October to determine the faults of Sullivan’s team that caused the breach. Again, the new CEO wants to be transparent with the company’s valued drivers and passengers about the ongoing investigation.

Based on the investigation as reported online, the hackers made use of a code repository (GitHub), similar to what the company’s engineering department uses.

They successfully accessed the personal information through an Amazon cloud server.

EU to Impose New Privacy Law in 2018, E-Commerce Businesses Must Prepare

Seen sensibly, an online business with a privacy policy has defined how it manages the information available to it. This kind of policy is necessary to give both the website owner and its users a clear agreement on how users’ data is gathered, used, shared and protected during a visit to the website.

In past years, going back to the introduction of the Internet, the majority of web-based businesses did not have a privacy policy. However, the various issues troubling many e-commerce businesses prompted the decision to set up this type of policy, and almost all business owners who run websites have now adopted one.

This is in addition to having pages for About Us, Terms of Use and Disclaimer.

Lately, there have been various reports online, particularly in the United States, about the privacy policies that many businesses have implemented. As published by ecommercetimes.com, businesses in the U.S. have privacy policies and are regulated by the Federal Trade Commission (FTC). Under the commission’s rules, a website is not actually required to have such a policy, but if it has one, the business must adhere to it and avoid any violation.

The FTC can impose penalties on, and file lawsuits against, businesses that do not adhere to their own privacy policy, as happened to LifeLock, which the commission previously sued for negligence.

According to E-Commerce Times, a huge change regarding online privacy rights is coming next year, which the European Union (EU) will implement by May 2018. It will replace the existing “EU Data Directive,” or “EU Data Protection Directive 95/46/EC,” with the “EU GDPR.” As detailed in the information about this new regulation, it will assure the data privacy rights of EU citizens and normalize data privacy laws across the European region.

The basis of the regulation is that a person has a fundamental right to privacy, and that businesses or corporations have no right to sell or purchase an individual’s privacy.

As for organizations in the United States, the report said that they might not have learned about the EU’s upcoming policy, or might think that the GDPR will be implemented only for organizations based in the European Union. However, it appears that the new policy next year will cover all businesses or organizations that provide services or sell products, or that monitor data coming from the EU, irrespective of their origin.

The new regulations will cover, and apply to, any business or organization that provides services or sells products, or needs to monitor information from citizens of the EU.

The report likewise revealed that businesses in America are now worrying about two important matters: enforcement and applicability. Large-scale businesses may be able to adjust easily to the new guidelines, but perhaps not small businesses. One reason is that they still need to determine whether their clients really originate from the European region.

The EU GDPR does not exempt cloud services either, because they usually store users’ data worldwide and not only in a particular region. This is why they also need to learn about the upcoming regulations and determine what effects they need to anticipate.

The current regulation mainly focuses on monitoring large-scale or multinational businesses and not small-scale ones. However, the new guidelines in May 2018 directly change this conventional approach. This is exactly why businesses in the U.S. and other parts of the world must start reviewing the available information about the EU GDPR ahead of time.

The penalties or charges for those who do not comply can hurt their finances, so awareness is very important.

Reaper Malware Attacks Infect Millions of Internet-Connected Devices

Professional malware developers do not target only laptops and personal computers; tablet, mobile and smartphone users are also experiencing unwanted attacks from these types of intruders. Almost all types of electronic devices that connect to the Internet are at risk. Given the increasing number of reports about cyber attacks that steal personal information from targeted victims, it is important for us to become aware of this widespread issue and the solutions that counter it.

With the development of the Android and iOS operating systems, malware attackers are becoming more interested in threatening their users. One reason is that millions of people around the world choose to invest in advanced smartphones rather than ordinary devices on the market. This is very similar to those who invest in high-end laptops, PCs and tablets because they want something that features the newest technology.

According to the latest online reports about cyber attacks, cyber-security experts have warned of a possible upcoming cyber hurricane caused by the recent Reaper malware, which has infected millions of devices that connect to the Internet.

The spread of infected devices can affect the Internet worldwide.

“Our research suggests we are now experiencing the calm before an even more powerful storm,” said Check Point Software. It added that it has no idea how the code will be employed or of the extent of the damage caused by the attack, as detailed by RT.com on Wednesday.

Reaper malware is also known as IoTroop. It is a huge network of zombie devices (also known as a botnet), and it quickly infected millions of Internet of Things devices, the report added. The affected devices include video recorders, webcams and security surveillance cameras.

According to observations by Netlab 360, the malware is actively expanding and possibly queuing millions of IPs from the infected devices by injecting malicious code into the system.

According to data recorded by the cyber-security experts involved, they found out about the botnet in the middle of September this year. It originated from the source code of the Mirai botnet, which attacked websites using distributed denial-of-service (DDoS) attacks in October 2016. As cyber experts explained last year, those attacks became the biggest online security invasion in history and successfully took down the Internet within the United States.

The main victim of the Mirai botnet was the company Dyn, which has the capacity to control most of the Internet’s domain name system (DNS) infrastructure. The attack took place on October 21, 2016, and became dominant within that day.

It affected websites such as Reddit, the Guardian, Twitter, CNN and Spotify, as well as other US and Europe-based online sites. Almost 164 nations worldwide were affected by the Mirai botnet.

According to Maya Horowitz, Reaper has already improved on the Mirai botnet, and the code is capable of almost 100 different functions. Unfortunately, the source of the code is still unidentified, and it may continue infecting more and more electronic devices.

Horowitz is from Check Point Software, which is continuing the investigation.

Reaper works by exploiting existing vulnerabilities in many Internet-connected devices and then injecting unknown malicious code. When it succeeds, it begins its attack based on the exploited vulnerabilities or weaknesses of the targeted devices.

As expected, the users will not have any idea about the malicious attacks.

In a related development, cyber experts from Check Point reported a few months ago that about 14 million Android devices were infected by the CopyCat malware. That attack helped the hackers earn almost $1.5 million within just 60 days through bogus advertising revenue, as reported by checkpoint.com last July.