(Updated 07:08 am PT with information on the GitHub subpoena)
Uber reported Friday that it was hacked last year, resulting in an unauthorized access to 50,000 drivers’ names and license plate numbers by a third party.
In a post on its corporate blog, the app-based car service company said it discovered the breach in September, although it’s not clear why it waited until now to make the event public. The post noted that an investigation showed the breach had been conducted on May 13, 2014.
A “John Doe” lawsuit has been filed by the company, at least initially to provide a legal vehicle for collecting information.
Uber has subpoenaed developer collaboration site GitHub, seeking the IP addresses of anyone who viewed a specific post — which apparently contained a login key — from March to September of 2014. GitHub has declined to voluntarily turn over the information.
After discovering the attack, User said, it changed protocols for the database and notified the drivers.
“We have not received any reports of actual misuse of information as a result of this incident,” the company posted, adding that it has contacted the drivers and offered a free one-year membership to Experian’s ProtectMyID Alert.
The approximately 50,000 drivers whose data was lifted are spread out across “multiple states,” Uber said, and represent only a small percentage of the total number of current and former drivers.
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more