優步5700萬用戶數據被黑客竊取 曾支付10萬美元封口費
Uber Technologies Inc. paid hackers $100,000 to keep secret a massive breach last year that exposed the personal information of about 57 million accounts of the ride-service provider, the company said on Tuesday.
科技公司優步21日表示,該公司曾向黑客支付10萬美元(約合人民幣66萬元),以掩蓋發生在2024年的一起大規模信息泄露事件。此次事件導致優步5700萬名用戶的個人信息外泄。
Discovery of the cover-up resulted in the firing of two employees responsible for its response to the hack, said Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.
今年8月接替優步聯合創始人特拉維斯?卡蘭尼克出任該公司首席執行官的達拉?科斯羅薩西稱,發現有人隱瞞實情后,優步解雇了兩名涉事員工。
"None of this should have happened and I will not make excuses for it," Khosrowshahi said in a blog post.
科斯羅薩西在博客中表示:“這些事情不應該發生,我不會為此找借口。”
The breach occurred in October 2024 but Khosrowshahi said he had only recently learned of it.
他稱,這起信息泄露事件發生在2024年10月,不過他最近才了解實情。
The stolen information included names, email addresses and mobile phone numbers of Uber users around the world and the names and license numbers of 600,000 US drivers, Khosrowshahi said.
科斯羅薩西說,被竊取的信息包括全球優步用戶的姓名、郵箱和電話號碼,以及60萬美國優步司機的駕照號。
Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring, Uber said.
優步表示,乘客不必擔心,因為沒有證據表明有人借此詐騙,不過他們會向駕照號被盜的司機提供免費的身份竊取保護和信用檢測服務。
Bloomberg News first reported the data breach on Tuesday.
彭博資訊社21日率先報道了這次數據泄露事件。
Khosrowshahi said Uber had begun notifying regulators. The New York attorney general has opened an investigation, a spokeswoman said. Regulators in Australia and the Philippines said on Wednesday they would look into the matter.
科斯羅薩西稱,優步已經在通知監管部門。一位女發言人表示,紐約總檢察長已對此事展開調查。澳大利亞及菲律賓的監管機構22日稱,他們將調查此事。
Uber said it had fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, this week because of their role in the handling of the incident. Sullivan, formerly the top security official at Facebook Inc and a federal prosecutor, served as both security chief and deputy general counsel for Uber.
優步稱,因為在這起事件中處置不力,該公司首席安全官喬伊?沙利文及其副手克雷格?克拉克本周已被解雇。沙利文是優步安全主管兼副總顧問,曾任臉書網首席安全官及聯邦檢察官。
Kalanick learned of the breach in November 2024, a month after it took place, a source familiar with the matter told Reuters. At the time, the company was negotiating with the US Federal Trade Commission over the handling of consumer data. A board committee had investigated the breach and concluded that neither Kalanick nor Salle Yoo, Uber’s general counsel at the time, were involved in the cover-up, another person familiar with the issue said. The person did not say when the investigation took place.
據知情人士向路透社透露,優步前首席執行官卡蘭尼克在2024年11月,也就是事件發生一個月后得知情況。當時,該公司正在與美國聯邦貿易委員會就如何處理消費者數據進行協商。據另一名知情者透露,公司董事委員會對這起泄露進行了調查,結論是卡蘭尼克及時任優步法律總顧問的薩爾都與隱瞞不報的行為無關。該知情者并沒有說明調查是何時進行的
Uber said on Tuesday it was obliged to report the theft of the drivers’ license information and had failed to do so.
優步21日表示,該公司有義務將司機駕照信息被盜的事件上報,但卻未能盡到義務。
Kalanick, through a spokesman, declined to comment. The former CEO remains on the Uber board of directors, and Khosrowshahi has said he consults with him regularly.
卡蘭尼克通過其發言人表示,對此拒絕置評。他現在仍是優步董事會成員,而科斯羅薩西曾表示,自己經常會向卡蘭尼克咨詢。
Although payments to hackers are rarely publicly discussed, US Federal Bureau of Investigation officials and private security companies have told Reuters that an increasing number of companies are paying criminal hackers to recover stolen data.
雖然向黑客付款的事情很少公開,但美國聯邦調查局官員及私人安保公司告訴路透社,為了恢復被盜數據,越來越多的公司向黑客犯罪分子支付贖金。
“The economics of being a bad guy on the internet today are incredibly favorable,” said Oren Falkowitz, co-founder of California-based cyber security company Area 1 Security.
加州網絡安全公司Area 1 Security聯合創始人奧倫?法爾科維茨表示:“如今,在互聯網上作惡非常有利可圖。”
Uber has a history of failing to protect driver and passenger data. Hackers previously stole information about Uber drivers and the company acknowledged in 2024 that its employees had used a software tool called “God View” to track passengers.
優步此前就有過未能保護好司機及乘客數據的歷史。黑客曾竊取過優步司機的信息。該公司2024年承認,其員工利用一款名為“上帝視角”的軟件工具追蹤乘客。
Khosrowshahi said on Tuesday he had hired Matt Olsen, former general counsel of the US National Security Agency, to restructure the company’s security teams and processes. The company also hired Mandiant, a cybersecurity firm owned by FireEye Inc, to investigate the breach.
科斯羅薩西21日表示,他已經聘請了美國國家安全局前法律總顧問馬特?奧爾森,重新規劃公司的安全團隊和措施。優步還雇傭了火眼公司旗下的網絡安全公司曼蒂恩特調查這次信息泄露事件。
Uber Technologies Inc. paid hackers $100,000 to keep secret a massive breach last year that exposed the personal information of about 57 million accounts of the ride-service provider, the company said on Tuesday.
科技公司優步21日表示,該公司曾向黑客支付10萬美元(約合人民幣66萬元),以掩蓋發生在2024年的一起大規模信息泄露事件。此次事件導致優步5700萬名用戶的個人信息外泄。
Discovery of the cover-up resulted in the firing of two employees responsible for its response to the hack, said Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.
今年8月接替優步聯合創始人特拉維斯?卡蘭尼克出任該公司首席執行官的達拉?科斯羅薩西稱,發現有人隱瞞實情后,優步解雇了兩名涉事員工。
"None of this should have happened and I will not make excuses for it," Khosrowshahi said in a blog post.
科斯羅薩西在博客中表示:“這些事情不應該發生,我不會為此找借口。”
The breach occurred in October 2024 but Khosrowshahi said he had only recently learned of it.
他稱,這起信息泄露事件發生在2024年10月,不過他最近才了解實情。
The stolen information included names, email addresses and mobile phone numbers of Uber users around the world and the names and license numbers of 600,000 US drivers, Khosrowshahi said.
科斯羅薩西說,被竊取的信息包括全球優步用戶的姓名、郵箱和電話號碼,以及60萬美國優步司機的駕照號。
Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring, Uber said.
優步表示,乘客不必擔心,因為沒有證據表明有人借此詐騙,不過他們會向駕照號被盜的司機提供免費的身份竊取保護和信用檢測服務。
Bloomberg News first reported the data breach on Tuesday.
彭博資訊社21日率先報道了這次數據泄露事件。
Khosrowshahi said Uber had begun notifying regulators. The New York attorney general has opened an investigation, a spokeswoman said. Regulators in Australia and the Philippines said on Wednesday they would look into the matter.
科斯羅薩西稱,優步已經在通知監管部門。一位女發言人表示,紐約總檢察長已對此事展開調查。澳大利亞及菲律賓的監管機構22日稱,他們將調查此事。
Uber said it had fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, this week because of their role in the handling of the incident. Sullivan, formerly the top security official at Facebook Inc and a federal prosecutor, served as both security chief and deputy general counsel for Uber.
優步稱,因為在這起事件中處置不力,該公司首席安全官喬伊?沙利文及其副手克雷格?克拉克本周已被解雇。沙利文是優步安全主管兼副總顧問,曾任臉書網首席安全官及聯邦檢察官。
Kalanick learned of the breach in November 2024, a month after it took place, a source familiar with the matter told Reuters. At the time, the company was negotiating with the US Federal Trade Commission over the handling of consumer data. A board committee had investigated the breach and concluded that neither Kalanick nor Salle Yoo, Uber’s general counsel at the time, were involved in the cover-up, another person familiar with the issue said. The person did not say when the investigation took place.
據知情人士向路透社透露,優步前首席執行官卡蘭尼克在2024年11月,也就是事件發生一個月后得知情況。當時,該公司正在與美國聯邦貿易委員會就如何處理消費者數據進行協商。據另一名知情者透露,公司董事委員會對這起泄露進行了調查,結論是卡蘭尼克及時任優步法律總顧問的薩爾都與隱瞞不報的行為無關。該知情者并沒有說明調查是何時進行的
Uber said on Tuesday it was obliged to report the theft of the drivers’ license information and had failed to do so.
優步21日表示,該公司有義務將司機駕照信息被盜的事件上報,但卻未能盡到義務。
Kalanick, through a spokesman, declined to comment. The former CEO remains on the Uber board of directors, and Khosrowshahi has said he consults with him regularly.
卡蘭尼克通過其發言人表示,對此拒絕置評。他現在仍是優步董事會成員,而科斯羅薩西曾表示,自己經常會向卡蘭尼克咨詢。
Although payments to hackers are rarely publicly discussed, US Federal Bureau of Investigation officials and private security companies have told Reuters that an increasing number of companies are paying criminal hackers to recover stolen data.
雖然向黑客付款的事情很少公開,但美國聯邦調查局官員及私人安保公司告訴路透社,為了恢復被盜數據,越來越多的公司向黑客犯罪分子支付贖金。
“The economics of being a bad guy on the internet today are incredibly favorable,” said Oren Falkowitz, co-founder of California-based cyber security company Area 1 Security.
加州網絡安全公司Area 1 Security聯合創始人奧倫?法爾科維茨表示:“如今,在互聯網上作惡非常有利可圖。”
Uber has a history of failing to protect driver and passenger data. Hackers previously stole information about Uber drivers and the company acknowledged in 2024 that its employees had used a software tool called “God View” to track passengers.
優步此前就有過未能保護好司機及乘客數據的歷史。黑客曾竊取過優步司機的信息。該公司2024年承認,其員工利用一款名為“上帝視角”的軟件工具追蹤乘客。
Khosrowshahi said on Tuesday he had hired Matt Olsen, former general counsel of the US National Security Agency, to restructure the company’s security teams and processes. The company also hired Mandiant, a cybersecurity firm owned by FireEye Inc, to investigate the breach.
科斯羅薩西21日表示,他已經聘請了美國國家安全局前法律總顧問馬特?奧爾森,重新規劃公司的安全團隊和措施。優步還雇傭了火眼公司旗下的網絡安全公司曼蒂恩特調查這次信息泄露事件。
