優(yōu)步5700萬(wàn)用戶(hù)數(shù)據(jù)被黑客竊取 曾支付10萬(wàn)美元封口費(fèi)
Uber Technologies Inc. paid hackers $100,000 to keep secret a massive breach last year that exposed the personal information of about 57 million accounts of the ride-service provider, the company said on Tuesday.
科技公司優(yōu)步21日表示,該公司曾向黑客支付10萬(wàn)美元(約合人民幣66萬(wàn)元),以掩蓋發(fā)生在2024年的一起大規(guī)模信息泄露事件。此次事件導(dǎo)致優(yōu)步5700萬(wàn)名用戶(hù)的個(gè)人信息外泄。
Discovery of the cover-up resulted in the firing of two employees responsible for its response to the hack, said Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.
今年8月接替優(yōu)步聯(lián)合創(chuàng)始人特拉維斯?卡蘭尼克出任該公司首席執(zhí)行官的達(dá)拉?科斯羅薩西稱(chēng),發(fā)現(xiàn)有人隱瞞實(shí)情后,優(yōu)步解雇了兩名涉事員工。
"None of this should have happened and I will not make excuses for it," Khosrowshahi said in a blog post.
科斯羅薩西在博客中表示:“這些事情不應(yīng)該發(fā)生,我不會(huì)為此找借口。”
The breach occurred in October 2024 but Khosrowshahi said he had only recently learned of it.
他稱(chēng),這起信息泄露事件發(fā)生在2024年10月,不過(guò)他最近才了解實(shí)情。
The stolen information included names, email addresses and mobile phone numbers of Uber users around the world and the names and license numbers of 600,000 US drivers, Khosrowshahi said.
科斯羅薩西說(shuō),被竊取的信息包括全球優(yōu)步用戶(hù)的姓名、郵箱和電話(huà)號(hào)碼,以及60萬(wàn)美國(guó)優(yōu)步司機(jī)的駕照號(hào)。
Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring, Uber said.
優(yōu)步表示,乘客不必?fù)?dān)心,因?yàn)闆](méi)有證據(jù)表明有人借此詐騙,不過(guò)他們會(huì)向駕照號(hào)被盜的司機(jī)提供免費(fèi)的身份竊取保護(hù)和信用檢測(cè)服務(wù)。
Bloomberg News first reported the data breach on Tuesday.
彭博資訊社21日率先報(bào)道了這次數(shù)據(jù)泄露事件。
Khosrowshahi said Uber had begun notifying regulators. The New York attorney general has opened an investigation, a spokeswoman said. Regulators in Australia and the Philippines said on Wednesday they would look into the matter.
科斯羅薩西稱(chēng),優(yōu)步已經(jīng)在通知監(jiān)管部門(mén)。一位女發(fā)言人表示,紐約總檢察長(zhǎng)已對(duì)此事展開(kāi)調(diào)查。澳大利亞及菲律賓的監(jiān)管機(jī)構(gòu)22日稱(chēng),他們將調(diào)查此事。
Uber said it had fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, this week because of their role in the handling of the incident. Sullivan, formerly the top security official at Facebook Inc and a federal prosecutor, served as both security chief and deputy general counsel for Uber.
優(yōu)步稱(chēng),因?yàn)樵谶@起事件中處置不力,該公司首席安全官喬伊?沙利文及其副手克雷格?克拉克本周已被解雇。沙利文是優(yōu)步安全主管兼副總顧問(wèn),曾任臉書(shū)網(wǎng)首席安全官及聯(lián)邦檢察官。
Kalanick learned of the breach in November 2024, a month after it took place, a source familiar with the matter told Reuters. At the time, the company was negotiating with the US Federal Trade Commission over the handling of consumer data. A board committee had investigated the breach and concluded that neither Kalanick nor Salle Yoo, Uber’s general counsel at the time, were involved in the cover-up, another person familiar with the issue said. The person did not say when the investigation took place.
據(jù)知情人士向路透社透露,優(yōu)步前首席執(zhí)行官卡蘭尼克在2024年11月,也就是事件發(fā)生一個(gè)月后得知情況。當(dāng)時(shí),該公司正在與美國(guó)聯(lián)邦貿(mào)易委員會(huì)就如何處理消費(fèi)者數(shù)據(jù)進(jìn)行協(xié)商。據(jù)另一名知情者透露,公司董事委員會(huì)對(duì)這起泄露進(jìn)行了調(diào)查,結(jié)論是卡蘭尼克及時(shí)任優(yōu)步法律總顧問(wèn)的薩爾都與隱瞞不報(bào)的行為無(wú)關(guān)。該知情者并沒(méi)有說(shuō)明調(diào)查是何時(shí)進(jìn)行的
Uber said on Tuesday it was obliged to report the theft of the drivers’ license information and had failed to do so.
優(yōu)步21日表示,該公司有義務(wù)將司機(jī)駕照信息被盜的事件上報(bào),但卻未能盡到義務(wù)。
Kalanick, through a spokesman, declined to comment. The former CEO remains on the Uber board of directors, and Khosrowshahi has said he consults with him regularly.
卡蘭尼克通過(guò)其發(fā)言人表示,對(duì)此拒絕置評(píng)。他現(xiàn)在仍是優(yōu)步董事會(huì)成員,而科斯羅薩西曾表示,自己經(jīng)常會(huì)向卡蘭尼克咨詢(xún)。
Although payments to hackers are rarely publicly discussed, US Federal Bureau of Investigation officials and private security companies have told Reuters that an increasing number of companies are paying criminal hackers to recover stolen data.
雖然向黑客付款的事情很少公開(kāi),但美國(guó)聯(lián)邦調(diào)查局官員及私人安保公司告訴路透社,為了恢復(fù)被盜數(shù)據(jù),越來(lái)越多的公司向黑客犯罪分子支付贖金。
“The economics of being a bad guy on the internet today are incredibly favorable,” said Oren Falkowitz, co-founder of California-based cyber security company Area 1 Security.
加州網(wǎng)絡(luò)安全公司Area 1 Security聯(lián)合創(chuàng)始人奧倫?法爾科維茨表示:“如今,在互聯(lián)網(wǎng)上作惡非常有利可圖。”
Uber has a history of failing to protect driver and passenger data. Hackers previously stole information about Uber drivers and the company acknowledged in 2024 that its employees had used a software tool called “God View” to track passengers.
優(yōu)步此前就有過(guò)未能保護(hù)好司機(jī)及乘客數(shù)據(jù)的歷史。黑客曾竊取過(guò)優(yōu)步司機(jī)的信息。該公司2024年承認(rèn),其員工利用一款名為“上帝視角”的軟件工具追蹤乘客。
Khosrowshahi said on Tuesday he had hired Matt Olsen, former general counsel of the US National Security Agency, to restructure the company’s security teams and processes. The company also hired Mandiant, a cybersecurity firm owned by FireEye Inc, to investigate the breach.
科斯羅薩西21日表示,他已經(jīng)聘請(qǐng)了美國(guó)國(guó)家安全局前法律總顧問(wèn)馬特?奧爾森,重新規(guī)劃公司的安全團(tuán)隊(duì)和措施。優(yōu)步還雇傭了火眼公司旗下的網(wǎng)絡(luò)安全公司曼蒂恩特調(diào)查這次信息泄露事件。
Uber Technologies Inc. paid hackers $100,000 to keep secret a massive breach last year that exposed the personal information of about 57 million accounts of the ride-service provider, the company said on Tuesday.
科技公司優(yōu)步21日表示,該公司曾向黑客支付10萬(wàn)美元(約合人民幣66萬(wàn)元),以掩蓋發(fā)生在2024年的一起大規(guī)模信息泄露事件。此次事件導(dǎo)致優(yōu)步5700萬(wàn)名用戶(hù)的個(gè)人信息外泄。
Discovery of the cover-up resulted in the firing of two employees responsible for its response to the hack, said Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.
今年8月接替優(yōu)步聯(lián)合創(chuàng)始人特拉維斯?卡蘭尼克出任該公司首席執(zhí)行官的達(dá)拉?科斯羅薩西稱(chēng),發(fā)現(xiàn)有人隱瞞實(shí)情后,優(yōu)步解雇了兩名涉事員工。
"None of this should have happened and I will not make excuses for it," Khosrowshahi said in a blog post.
科斯羅薩西在博客中表示:“這些事情不應(yīng)該發(fā)生,我不會(huì)為此找借口。”
The breach occurred in October 2024 but Khosrowshahi said he had only recently learned of it.
他稱(chēng),這起信息泄露事件發(fā)生在2024年10月,不過(guò)他最近才了解實(shí)情。
The stolen information included names, email addresses and mobile phone numbers of Uber users around the world and the names and license numbers of 600,000 US drivers, Khosrowshahi said.
科斯羅薩西說(shuō),被竊取的信息包括全球優(yōu)步用戶(hù)的姓名、郵箱和電話(huà)號(hào)碼,以及60萬(wàn)美國(guó)優(yōu)步司機(jī)的駕照號(hào)。
Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring, Uber said.
優(yōu)步表示,乘客不必?fù)?dān)心,因?yàn)闆](méi)有證據(jù)表明有人借此詐騙,不過(guò)他們會(huì)向駕照號(hào)被盜的司機(jī)提供免費(fèi)的身份竊取保護(hù)和信用檢測(cè)服務(wù)。
Bloomberg News first reported the data breach on Tuesday.
彭博資訊社21日率先報(bào)道了這次數(shù)據(jù)泄露事件。
Khosrowshahi said Uber had begun notifying regulators. The New York attorney general has opened an investigation, a spokeswoman said. Regulators in Australia and the Philippines said on Wednesday they would look into the matter.
科斯羅薩西稱(chēng),優(yōu)步已經(jīng)在通知監(jiān)管部門(mén)。一位女發(fā)言人表示,紐約總檢察長(zhǎng)已對(duì)此事展開(kāi)調(diào)查。澳大利亞及菲律賓的監(jiān)管機(jī)構(gòu)22日稱(chēng),他們將調(diào)查此事。
Uber said it had fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, this week because of their role in the handling of the incident. Sullivan, formerly the top security official at Facebook Inc and a federal prosecutor, served as both security chief and deputy general counsel for Uber.
優(yōu)步稱(chēng),因?yàn)樵谶@起事件中處置不力,該公司首席安全官喬伊?沙利文及其副手克雷格?克拉克本周已被解雇。沙利文是優(yōu)步安全主管兼副總顧問(wèn),曾任臉書(shū)網(wǎng)首席安全官及聯(lián)邦檢察官。
Kalanick learned of the breach in November 2024, a month after it took place, a source familiar with the matter told Reuters. At the time, the company was negotiating with the US Federal Trade Commission over the handling of consumer data. A board committee had investigated the breach and concluded that neither Kalanick nor Salle Yoo, Uber’s general counsel at the time, were involved in the cover-up, another person familiar with the issue said. The person did not say when the investigation took place.
據(jù)知情人士向路透社透露,優(yōu)步前首席執(zhí)行官卡蘭尼克在2024年11月,也就是事件發(fā)生一個(gè)月后得知情況。當(dāng)時(shí),該公司正在與美國(guó)聯(lián)邦貿(mào)易委員會(huì)就如何處理消費(fèi)者數(shù)據(jù)進(jìn)行協(xié)商。據(jù)另一名知情者透露,公司董事委員會(huì)對(duì)這起泄露進(jìn)行了調(diào)查,結(jié)論是卡蘭尼克及時(shí)任優(yōu)步法律總顧問(wèn)的薩爾都與隱瞞不報(bào)的行為無(wú)關(guān)。該知情者并沒(méi)有說(shuō)明調(diào)查是何時(shí)進(jìn)行的
Uber said on Tuesday it was obliged to report the theft of the drivers’ license information and had failed to do so.
優(yōu)步21日表示,該公司有義務(wù)將司機(jī)駕照信息被盜的事件上報(bào),但卻未能盡到義務(wù)。
Kalanick, through a spokesman, declined to comment. The former CEO remains on the Uber board of directors, and Khosrowshahi has said he consults with him regularly.
卡蘭尼克通過(guò)其發(fā)言人表示,對(duì)此拒絕置評(píng)。他現(xiàn)在仍是優(yōu)步董事會(huì)成員,而科斯羅薩西曾表示,自己經(jīng)常會(huì)向卡蘭尼克咨詢(xún)。
Although payments to hackers are rarely publicly discussed, US Federal Bureau of Investigation officials and private security companies have told Reuters that an increasing number of companies are paying criminal hackers to recover stolen data.
雖然向黑客付款的事情很少公開(kāi),但美國(guó)聯(lián)邦調(diào)查局官員及私人安保公司告訴路透社,為了恢復(fù)被盜數(shù)據(jù),越來(lái)越多的公司向黑客犯罪分子支付贖金。
“The economics of being a bad guy on the internet today are incredibly favorable,” said Oren Falkowitz, co-founder of California-based cyber security company Area 1 Security.
加州網(wǎng)絡(luò)安全公司Area 1 Security聯(lián)合創(chuàng)始人奧倫?法爾科維茨表示:“如今,在互聯(lián)網(wǎng)上作惡非常有利可圖。”
Uber has a history of failing to protect driver and passenger data. Hackers previously stole information about Uber drivers and the company acknowledged in 2024 that its employees had used a software tool called “God View” to track passengers.
優(yōu)步此前就有過(guò)未能保護(hù)好司機(jī)及乘客數(shù)據(jù)的歷史。黑客曾竊取過(guò)優(yōu)步司機(jī)的信息。該公司2024年承認(rèn),其員工利用一款名為“上帝視角”的軟件工具追蹤乘客。
Khosrowshahi said on Tuesday he had hired Matt Olsen, former general counsel of the US National Security Agency, to restructure the company’s security teams and processes. The company also hired Mandiant, a cybersecurity firm owned by FireEye Inc, to investigate the breach.
科斯羅薩西21日表示,他已經(jīng)聘請(qǐng)了美國(guó)國(guó)家安全局前法律總顧問(wèn)馬特?奧爾森,重新規(guī)劃公司的安全團(tuán)隊(duì)和措施。優(yōu)步還雇傭了火眼公司旗下的網(wǎng)絡(luò)安全公司曼蒂恩特調(diào)查這次信息泄露事件。
