Uber has got rid of its chief security officer and announced that his team paid off hackers who stole data belonging to 57 million users. The ride-hailing app’s chief executive, Dara Khosrowshahi, said: “None of this should have happened, and I will not make excuses for it.” Former CSO, Joe Sullivan, presided over a loss of the names, email addresses and mobile phone numbers belonging to Uber drivers and passengers, according to Bloomberg. Mr Sullivan’s team then paid the hackers $100,000 to delete the data instead of notifying the victims. Uber’s former chief executive, Travis Kalanick, learned of the hack in 2016, according to Bloomberg – seven months before a shareholder revolt forced him to quit1 and replaced him with Mr Khosrowshahi. “At the time of the incident, we took immediate steps to secure the data and shut down further unauthorised access by the individuals,” said Mr Khosrowshahi. Uber says it does not believe its customers need to take any action.
Image: ‘None of this should have happened, and I will not make excuses for it,’ said Uber’s CEO
“We have seen no evidence of fraud or misuse tied to the incident,” says a help page on its site.
“We are monitoring the affected accounts and have flagged them for additional fraud protection.” Mr Khosrowshahi said the data had been stolen from a “third-party cloud-based service” – understood to be Amazon Web Services, which the attackers accessed using legitimate passwords stolen via coding website Github. “We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed”.
The chief executive, who joined the company in August, added in his statement: “You may be asking why we are just talking about this now, a year later. “I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Image: Details of the hack come as Uber fights against the loss of its London licence
The data breach comes as Uber looks to improve its image after bad publicity during the tenure of Uber’s founder Travis Kalanick, and the decision by transport bosses in London to take away its licence. Mr Kalanick was ousted as chief executive in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits. Uber’s new boss said the company was now working with regulators on the breach and notifying drivers whose licence numbers were downloaded – as well as giving them credit monitoring and identity theft protection.
A review of its security is also taking place in conjunction with Matt Olsen, a former National Security Agency general counsel and cybersecurity expert.
Formula 1 tyre supplier Pirelli and McLaren have decided to cancel their planned Interlagos test due to safety concerns1 at the Brazilian Grand Prix venue. The two-day test, aimed at completing Pirelli’s evaluation work on its 2018 tyres, was scheduled to take place on Tuesday and Wednesday with McLaren drivers Stoffel Vandoorne and Lando Norris. But following a robbery attempt 2on Sunday targeting Pirelli staff, the tyre manufacturer announced on Monday that the test has been called off.
“Following a robbery attempt, neutralised by Pirelli security, on a Pirelli van at the Interlagos circuit last Sunday – after a weekend where similar episodes occurred with other teams – it has been decided to cancel the tyre test planned on Tuesday 14 and Wednesday 15 on the Brazilian circuit with McLaren,” Pirelli said in a statement. “The decision, shared with McLaren, FIA and Formula 1, was made in the interest of the safety of the personnel, both McLaren’s and our own, who would have participated in the test.”
A McLaren statement added: “The safety of our people has always been our top priority, and, given recent events, we felt that it was an unnecessary risk to proceed.” Members of the Mercedes, Williams and Sauber teams were involved in another two separate attacks3 outside the circuit during the grand prix weekend. Although there were no injuries in the incidents, questions have been raised about security around Interlagos given organisers had promised additional police around the circuit following the first attack.
World champion Lewis Hamilton had been one of the most vocal drivers in expressing dismay at the situation. “The most frustrating thing is that I’ve been in Formula 1 for 10 years and every single year that has happened to somebody in the paddock, and it continues to happen,” he said. “It’s an issue I’m sure the government here are fighting, but I think maybe on this weekend, there are protocols that should be put in place to help, like for example when we go to Mexico, which weren’t there for these guys.
“It’s no good just the bosses having security and myself having security . People need to be looked after.” The cancellation of the test should mean Formula 3 European champion Norris is able to make it to the Macau Grand Prix on time.
A runaway girl slipped through security checks and managed to get on an easyJet flight without a boarding pass, officials have said. The seven-year-old “took advantage of her small size” and pretended to be with adults in Geneva Airport – however, she was spotted by a flight attendant before the plane took off for Corsica. Footage showed she was initially turned away after trying to follow crew members on to an Air France flight, but succeeded on her second attempt after slipping through a gap only large enough for a small child. Air France had notified easyJet about the incident, with the low-cost airline then handing her over to the police. The bizarre incident, which officials admitted could have been much more serious, has prompted an investigation.
Image: Geneva Airport, where the girl snuck through security checks to board a plane
The girl had slipped away from her own parents at a railway station in Geneva before catching a train to the airport. A timeline put together by the airport indicates she passed security at about 1.47pm and boarded the plane at 2.20pm . The airport management found out about her at 2.50pm. Geneva airport spokesman Bernard Stampfli has described the incident as “eminently regrettable” – and said security checks are being enhanced to ensure all children are accompanied by adults. In a statement, easyJet acknowledged that “an unaccompanied child incorrectly boarded flight EZS1305 from Geneva to Ajaccio”, and said an investigation has been launched.
“The crew correctly identified the child should not be on board and immediately reported it to the police,” the statement added.