Data of 57 million Uber users stolen by hackers; company paid $100,000 in hush money
Uber Technologies Inc. paid hackers $100,000 to keep secret a massive breach last year that exposed the personal information of about 57 million accounts of the ride-service provider, the company said on Tuesday.
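Technology company Uber said on the 21st that it had paid hackers US$100,000 (about 660,000 yuan) to cover up a massive data breach that took place in 2016. The incident exposed the personal information of 57 million Uber users.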
Discovery of the cover-up resulted in the firing of two employees responsible for its response to the hack, said Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.
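Dara Khosrowshahi, who replaced Uber co-founder Travis Kalanick as the company's chief executive in August this year, said that Uber fired two employees involved after discovering that the facts had been concealed.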
"None of this should have happened and I will not make excuses for it," Khosrowshahi said in a blog post.
Khosrowshahi said in a blog post: "These things should not have happened, and I will not make excuses for them."
The breach occurred in October 2016 but Khosrowshahi said he had only recently learned of it.
He said the breach took place in October 2016, but that he had only recently learned the facts.
The stolen information included names, email addresses and mobile phone numbers of Uber users around the world and the names and license numbers of 600,000 US drivers, Khosrowshahi said.
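Khosrowshahi said the stolen information included the names, email addresses and phone numbers of Uber users around the world, as well as the driver's license numbers of 600,000 US Uber drivers.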
Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring, Uber said.
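Uber said passengers need not worry because there was no evidence that anyone had used the data for fraud, but that it would offer free identity theft protection and credit monitoring services to drivers whose license numbers were stolen.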
Bloomberg News first reported the data breach on Tuesday.
Bloomberg News was the first to report the data breach, on the 21st.
Khosrowshahi said Uber had begun notifying regulators. The New York attorney general has opened an investigation, a spokeswoman said. Regulators in Australia and the Philippines said on Wednesday they would look into the matter.
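Khosrowshahi said Uber was already notifying regulators. A spokeswoman said the New York attorney general had opened an investigation into the matter. Regulators in Australia and the Philippines said on the 22nd that they would investigate.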
Uber said it had fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, this week because of their role in the handling of the incident. Sullivan, formerly the top security official at Facebook Inc and a federal prosecutor, served as both security chief and deputy general counsel for Uber.
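Uber said that its chief security officer, Joe Sullivan, and his deputy, Craig Clark, had been fired this week for mishandling the incident. Sullivan was Uber's security chief and deputy general counsel, and had previously been Facebook's chief security officer and a federal prosecutor.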
Kalanick learned of the breach in November 2016, a month after it took place, a source familiar with the matter told Reuters. At the time, the company was negotiating with the US Federal Trade Commission over the handling of consumer data. A board committee had investigated the breach and concluded that neither Kalanick nor Salle Yoo, Uber’s general counsel at the time, were involved in the cover-up, another person familiar with the issue said. The person did not say when the investigation took place.
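According to a person familiar with the matter who spoke to Reuters, former Uber chief executive Kalanick learned of the situation in November 2016, a month after the incident. At the time, the company was negotiating with the US Federal Trade Commission over how it handled consumer data. According to another person familiar with the matter, a committee of the company's board investigated the breach and concluded that neither Kalanick nor Salle Yoo, Uber's general counsel at the time, had anything to do with the concealment. That person did not say when the investigation took place.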
Uber said on Tuesday it was obliged to report the theft of the drivers’ license information and had failed to do so.
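Uber said on the 21st that it had been obliged to report the theft of the drivers' license information but had failed to meet that obligation.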
Kalanick, through a spokesman, declined to comment. The former CEO remains on the Uber board of directors, and Khosrowshahi has said he consults with him regularly.
Kalanick declined to comment through his spokesman. He remains a member of Uber's board of directors, and Khosrowshahi has said he often consults Kalanick.
Although payments to hackers are rarely publicly discussed, US Federal Bureau of Investigation officials and private security companies have told Reuters that an increasing number of companies are paying criminal hackers to recover stolen data.
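Although payments to hackers are rarely made public, US Federal Bureau of Investigation officials and private security companies told Reuters that more and more companies are paying ransoms to criminal hackers to recover stolen data.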
“The economics of being a bad guy on the internet today are incredibly favorable,” said Oren Falkowitz, co-founder of California-based cyber security company Area 1 Security.
Oren Falkowitz, co-founder of California cyber security company Area 1 Security, said: "Today, doing bad things on the internet is very profitable."
Uber has a history of failing to protect driver and passenger data. Hackers previously stole information about Uber drivers and the company acknowledged in 2014 that its employees had used a software tool called “God View” to track passengers.
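Uber has a history of failing to protect driver and passenger data. Hackers have previously stolen information about Uber drivers. The company acknowledged in 2014 that its employees had used a software tool called "God View" to track passengers.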
Khosrowshahi said on Tuesday he had hired Matt Olsen, former general counsel of the US National Security Agency, to restructure the company’s security teams and processes. The company also hired Mandiant, a cybersecurity firm owned by FireEye Inc, to investigate the breach.
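Khosrowshahi said on the 21st that he had hired Matt Olsen, former general counsel of the US National Security Agency, to restructure the company's security teams and measures. Uber also hired Mandiant, a cybersecurity company owned by FireEye, to investigate the breach.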