Uber reveals hack coverup

Photo: The Canadian Press

Uber is coming clean about its coverup of a year-old hacking attack that stole personal information about more than 57 million of the beleaguered ride-hailing service's customers and drivers.

So far, there's no evidence that the data taken has been misused, according to a Tuesday blog post by Uber's recently hired CEO, Dara Khosrowshahi. Part of the reason nothing malicious has happened is because Uber acknowledges paying the hackers $100,000 to destroy the stolen information.

The revelation marks the latest stain on Uber's reputation.

The San Francisco company ousted Travis Kalanick as CEO in June after an internal investigation concluded he had built a culture that allowed female workers to be sexually harassed and encouraged employees to push legal limits.

Khosrowshahi criticized Uber's handling of its data theft in his blog post.

"While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," Khosrowshahi wrote. "We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers."

That pledge shouldn't excuse Uber's previous regime for its egregious behaviour, said Sam Curry, chief security officer for the computer security firm Cybereason.

"The truly scary thing here is that Uber paid a bribe, essentially a ransom to make this breach go away, and they acted as if they were above the law," Curry said. "Those people responsible for the integrity and confidentiality of the data in-fact covered it up."

The heist took the names, email addresses and mobile phone numbers of 57 million riders around the world. The thieves also nabbed the driver's license numbers of 600,000 Uber drivers in the U.S.