Uber Security Covered Massive Breach, Bribed Hackers With $100k

What happened?

Uber fired its chief security officer and another employee this week following a huge data breach the ride-sharing company has been hiding for a year. Former head of security Joe Sullivan reportedly led the response to the hack, which happened when two attackers tapped Uber employees’ Github and Amazon Web Services information to steal a trove of rider and driver data. The company’s “solution” was not to report the breach properly and to give the hackers $100,000 purportedly in exchange for deleting the data.

How bad is it?

The hackers stole information about 57 million customers and drivers, including around 600,000 driver’s license numbers. The hacked data included names, email addresses and phone numbers, but Uber says the hack didn’t get Social Security numbers, credit cards or data about your location during trips.

Seems like a mess.

Uber has been here before. The company was hacked in 2014 and fined $20,000 for failing to disclose the security leak. While negotiating with the feds for a privacy settlement, Uber was simultaneously trying to pay $100K to hackers in exchange for deleting info about 57 million people.

This article provided courtesy of TheBlaze.

DOC: What would you do if you ran Uber? How would you handle the news that hackers got the personal information on 57 million customers and employees? What would you do if you were an investor in the company and you had discovered that managers hid that breach from the public, including those people who had their information stolen, customers, employees?

Think about that a moment. You ran the place. How would you handle that? How would you have handled it before, when you just found out about the hack? How would you handle it now after you found out that people tried to cover it up?

Hi there, it's Doc Thompson. I'm in for Glenn today. There's a specific reason why I'm asking you how you would handle it. And I'll open up the phone lines in a couple of minutes. 888-727-BECK. I'll also check out some of the tweets you sent to the program.

It's @DocThompsonshow. But there's a specific reason I really want to get your thoughts on this. Challenge yourself for a moment. What would you do if you ran Uber? Now, you're probably thinking to yourself, well, I wouldn't let it get to this point.

Let me explain what happened. Let me give you the details. And I challenge you to challenge yourself and come up with an answer in your own head, maybe share it with somebody that's next to you right now. Discuss it with them. And there's a reason I'm asking, that I'll get to in a moment.

Let me give you the details. More than a year ago, hackers got access to Uber's database. And they stole the personal information of about 50 million Uber users. If you used Uber, it may have been you. Name, email addresses, phone numbers. This is what they say they got access to. 50 million users.

And they got personal information of about 7 million Uber drivers. That includes about 600,000 driver's licenses.

So if you're a driver, you may have gotten that information that way, including your driver's license and number. Now, they claim that no Social Security numbers were breached. No credit cards were breached. They didn't get that information. But come on.

Come on. They got all that other stuff. Can we really believe them, knowing that for a year, they didn't tell anyone about this? Even the people affected. Isn't that a moral breakdown, if not a legal breakdown? I would think so. Is it right that they wouldn't tell the people affected by it?

Now, I know why. They're trying to protect the company. And I can respect that on a certain level. But don't you care about your customers. I'm not blaming you for the breach. There could have been problems. Maybe you did everything you could. Through no fault of your own. There was no failure of security. But they got the information. Not blaming you for that. I'm blaming you for the cover-up and why you didn't share it. I understand protecting the company.

What would you do if you were an investor right now in that company? Because as an investor, it's your company. You run that company. You own it. Yeah, there's managers. CEOs. CFOs. Different, you know, people that run it on a daily basis. But you own the company. Ultimately, the buck stops with you and the other investors. What would you you do if you ran the company?

Uber even said they had a legal obligation to report the hack to regulators and to the drivers whose information was stolen. But they didn't.

They didn't do it. In fact, when this breach happened, Uber was at the time negotiating with federal regulators about other privacy violation.

So they knew of this. It was on their front burner. This is what they were dealing with. Then suddenly the breach happens. And they start covering it up. Uber paid other hackers to delete the data and keep the breach quiet, just to cover it up. What would you do now, knowing that, if you were an investor?

The new CEO, Dara (sound effect), pretty sure that's how you pronounce her name, she said, none of this should have happened, and I will not make excuses for it. We're changing the way we do business.

Good. I'd like some details. But good, good.

She said, at the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access. Good, good.

Good. That sounds great. But what specifically are you going to do moving forward? And who will be punished? See, as an investor, if you owned, even in part, that company, I would want people held accountable, if there were things done wrong.

Obviously, the cover-up, that was wrong. I would want specific, real examples. I want a definitive plan of what you're going to do moving forward to make sure that doesn't happen again, right? Is that what you would want?

Would you want people to be held accountable, and you want to know specifically what will change in the future? That's what I would want too.

The reason I asked that is because you may not be an owner of Uber. You may not own stock. But you do own the Veterans Administration. You and I own it.

We're American citizens. We have a contractural and moral obligation to do what we said we would do, and that is to care for veterans. And I bring that up because the Veterans Administration has failed far more. And continues to fail far more than Uber ever has.

The Veterans Administration exposed millions of veterans' information, repeatedly. Over and over again, over the last 15 years or so. They have done virtually what Uber did.

Again, they were hacked. The information. At one point, there was a database stolen. Over and over again, the Veterans Administration has been sloppy. Uber may not have even been sloppy with it. The way theirs was breached, two hackers got access to a coding site. So maybe they were sloppy or not, but the Veterans Administration has been sloppy. You own that company. So if you said what I would do if an owner of Uber, I would make sure that people were held accountable and I would want a plan for the future. Who has been held accountable? What is the plan for the future?

Over and over again, the Veterans Administration has failed us. But it's far worse than breaching private information. There's a new inspector general report this morning about the Veterans Administration.

And it confirms, among other things, that the Veterans Administration facility in Denver has been lying about wait times that track mental health care.

How many times do we have to read about this, as the owners, the people, who are ultimately in charge of saying what is right and wrong within our government? How many times do we have to hear about these stories, before we actually hold people accountable? And before we actually get a working plan for the future?

This has happened over and over again. Most recently, a former VA employee, by the name of Brian Smother claimed that the staff in Denver kept separate lists. The same thing that we had.

KRIS: We've heard that before.

DOC: Over and over again. Kris Cruz from The Morning Blaze joining me as well, who is a combat veteran, having served both in Iraq and Afghanistan, who suffers with PTSD, who has had his ankles replaced.

Kris, over and over again, this was the story. This was the big fail out of Phoenix, as a matter of fact, where veterans died. It had to do with the wait times. Number one, the failure is that veterans do not get the timely service that they need. The timely appointments that they need. But then covering it up. They covered up the wait times and had a separate list.

KRIS: It's infuriating.

DOC: I don't know what else it takes. How many times do we have to hear these stories?

KRIS: And not just that. I tried -- Doc, I'm not the most healthy person out there.

DOC: Well, I think anyone that listens to The Morning Blaze knows that.

KRIS: Exactly. And one of the things, I have an issue with my heart burn. I get heart burns in the morning, and it's frustrating.

DOC: But it's chronic. And it's almost debilitating.

KRIS: Exactly. So I was like, you know what, I got to get this shot. I don't want to have an ulcer or something wrong with me. Because my body is telling me, hey, there's something wrong with me.

DOC: Too much acid.

KRIS: Exactly.

I called the VA in Orlando, Florida. And I was like, hey, I'm scared. You know, the syntax is no longer working. What can I do?

DOC: You got in and out, right?

KRIS: You can come in.

DOC: Oh, good job.

KRIS: February of the next year. And I was calling --

DOC: Were you calling in January?

KRIS: No, I was calling in July of the year before.

DOC: So you called in July, and they said, great, come in.

DOC: In February.

KRIS: In February. For something that I -- that I'm worried because I got heartburn every single morning.

DOC: Like excessive.

KRIS: Excessive.

And the medication says, if it prolongs two weeks or more, please contact your doctor because it could be something serious.

DOC: So they said -- this is happening. And if this happens for more than two weeks, contact your doctor. And you contact. And they're like, great. February.

KRIS: Great. We'll see you in February of 2017.

DOC: Hey. Wow. That's good.

KRIS: And I was like, are you kidding me?

They're like, oh, we're busy. But if somebody cancels, we'll call you.

DOC: Who is canceling? When everybody is backlogged nine months?

KRIS: I was like, nobody is going to cancel.

DOC: This is infuriating. Think about when I asked you about owning Uber. Maybe you own a business. What if your kids acted this way -- what if the guy who cuts your lawn. Maybe you're not a business owner, but you employ people to do things from time to time around your house. Your veteran area and your dentist. Whatever it is.

If this is how they treated you and your information, you would demand accountability. And you would demand an answer moving forward, or you would, what? No longer do business with them.

I think it's time we no longer do business with the Veterans Administration. It is time. It is shutdown.

Now, veterans out there, don't for a moment think I abandon you. I'm not suggesting that we shut it down and leave all of you. No. It is a slow shutdown, rolling out over the next four or whatever years it takes, at the same time, offering veterans another plan, where the United States government -- and by that, I mean American citizens pick up your health care fees. That's it.

There's the solution. We don't need all of these people working within the administration. We don't levels and levels of bureaucracy. We need money in the hands of those veterans, so they can get an insurance policy and go to the doctor. There are doctors everywhere, doctors that you can get in today, if you're not in the Veterans Administration.

The veterans would be able to pick whatever doctor they want. That is the accountability. I'm calling for it now. Over and over. Breaches of security. Veterans being killed. Secret wait lists. This continues to happen. And nobody is offering a solution. You want a solution. Here's the solution: results. We demand results.

No more left versus right, Democrat, Republican, unions or any of that crap. Results. All I want to hear is results.

You get in the debate with somebody. You're at Thanksgiving tomorrow, and it comes up. What are the results?

What has happened? What are the results? Well, we fired -- what were the results? Well, we got a new director. What were the results?

This is not two years of results we can look at. We can look at the last 50, 60. The Veterans Administration has been around since the 1930s. Prior to that, the Veterans Bureau for 10 years, and they failed. Over and over again. Every couple of years. Massive failures. What are the results? All I want, what are the results?

We've got a track record of continuous failure. What are the results? Great. There's no denying that.

Now, moving forward, if it is anything like we continue to do, well, we're going to get a new -- no, that hasn't worked. We'll change -- that hasn't worked. Shut it down. Give veterans the money or the policies they need to get the health care. And then get out of the way.

It's not just the Twitter mobs, the Leftist extremists and the flagrant fourth-wave feminists who want ICE abolished. As we've seen, there's a growing number of politicians who want to see it as well.

Cue Alejandro Alvarez, who in his 32 years has managed to cultivate his brand as a "serial immigration violator." Alejandro has been deported 11 times. Well, he's facing deportation once again, after allegedly "slashing his wife with a chainsaw." His wife is in recovery and is expected to survive.

RELATED: The cost of unchecked illegal immigration is very real, and very high

Around 3:00 pm last Wednesday, police arrived at Alejandro's. When they arrived, they found Alvarez's wife suffering from "traumatic physical injuries, believed to have been inflicted by a chainsaw." The couple's three children were huddled in fear inside the home. Alejandro's wife was rushed to a nearby trauma center for an emergency surgery.

Alejandro fled the scene of the crime, but was eventually hauled in by police and booked under "suspicion of attempted murder, child endangerment, hit and run, and grand theft auto."

Sounds like the kind of guy who should be in our country illegally, right?

ICE spokeswoman Lori Haley noted that "Immigration officers have lodged a detainer against Alvarez, requesting that local authorities notify Immigration and Customs Enforcement before his release to allow them to take the man into custody."

This is the new reality.

This is the new reality. The immigration agency has to ask for permission, to file requests, to have illegal immigrants who are guilty of crimes dealt with. Luckily for Alejandro, Los Angeles is a sanctuary city, so maybe he'll get another pass and be back on the streets in no time.

The Purple Heart is reserved for those wounded or killed during battle. Awarded by the President, the medal has George Washington's image right there on the front of it. Make no mistake, it is reserved for heroes. True heroes. Men and women who've faced death and still persevered. Soldiers who fought in battle at the cost of their limbs, their lives, or their inner peace. John F. Kennedy earned a Purple Heart for his heroism as a gunboat pilot in 1944. John McCain received one for, well, we all know his horrific story. Colin Powell. Roughly one million Purple Heart medals have been awarded to veterans, all of whom were determined to have fought valiantly, with courage and heart.

RELATED: An FBI Agent Was Dismissed From the Mueller Probe. What Happened?

So it was a bit of a head-scratcher to hear comments from Democratic Representative Steve Cohen from Tennessee and self-appointed "Leader in Effort to #ImpeachTrump." During a House Oversight Committee hearing questioning Peter Strzok, Cohen said, perplexingly, that Strzok deserves a Purple Heart. You know, because he's injured by all those mean text messages that HE sent?

As we've seen, other than Cohen's fanboy praise, Strzok hasn't gotten off easy. Thankfully. The Department of Justice's Office of the Inspector General wrote: "We did not have confidence that Strzok's decision to prioritize the Russia investigation over following up on the Midyear-related investigative lead discovered on the [Anthony] Weiner laptop was free from bias."

Lack of confidence. I believe that's one of the criteria for a different medal. Not a Purple Heart, though. Sorry, Strzok, you'll have to get your trophy elsewhere.

Time mgazine is back at it again, reporting the real news, doing the proper journalism. One of their latest articles is sure to earn them a Pulitzer. Surely. The article is titled, "Women Are Buying Up Plan B Because They're Terrified of the Future Supreme Court."

Here's how the article opens:

Within hours of Supreme Court Justice Anthony Kennedy's retirement announcement last month, Emily Hauser was standing at a drugstore counter asking a pharmacist for two packages of Plan B. At age 53, she didn't need the emergency contraception pills — in fact, she wasn't sure who would, or when. But Hauser bought them anyway.

RELATED: Observations of an Irishman: Lessons from the abortion referendum

I like that the article sets up Kennedy's retirement as an apocalyptic event. A recurring theme in the mainstream media, now that I think of it, especially lately. Here's the gist of it:

Across the country, Americans are stockpiling emergency contraception in light of Justice Kennedy's retirement and President Donald Trump's Monday nomination of Brett Kavanaugh. The nation's highest court is on its way to having a conservative majority, making threats against Roe v. Wade seem more dire than ever.

A good article includes backstory. History. The context. Here's what Time had to say about the sudden influx—some would say panic—in birth control:

To understand the interest in buying up Plan B, you need to brush up on Roe v. Wade. Some background: The court handed down the 7-2 decision in 1973, confirming that a woman's right to terminate her pregnancy is covered by the Fourteenth Amendment. Progress has been rocky since then.

Of course they reduce the issue to a series of strawman fallacies.

Ah, yes. Of course they reduce the issue to a series of strawman fallacies. At this point, it's impossible for those inflicted with Trump Derangement Syndrome, and now Kavanaugh Derangement Syndrome, to have a civil conversation. They certainly aren't going to budge in their opinion. Our main goal, obviously, is to connect to them as fellow human beings, living in the same chaotic world, and, hey, maybe along the way they'll admit that, maybe, they're a little more biased and deranged than they previously realized.

If all you knew about American politics came from The New York Times, CNN, The Washington Post, or MSNBC, you'd think that a "Blue wave" is about to swamp the country, with hip, millennial geniuses like Alexandria Ocasio-Cortez surfing the crest of the wave. In fact, you would already think Ocasio-Cortez is the greatest hope for America since Barack Obama.

America is a very large country, and reality is usually more complex than the media lets on. But, since the media already has their narrative and superstar Ocasio-Cortez set for this November, there's no room for another young, minority, female, child of immigrants, political outsider, from the ultimate blue-wave state of California, named Elizabeth Heng. Well, there probably would be room for a story like that, except that she's a conservative.

RELATED: Democratic Socialism spun as 'innovative, millennial-friendly' — here's the reality

Thirty-two-year-old Elizabeth Heng is running for Congress against Democrat Jim Costa, in California's 16th district. It's been 40 years since a Republican won in that district.

In the early 1980s, Heng's parents fled the violence in Cambodia and immigrated to the U.S. In 2008, after graduating from Stanford where she was student-body president, Heng opened several cell-phone stores with her brothers in the central San Joaquin Valley. Running her own business and managing 75 employees opened her eyes to a not-so-dirty secret about capitalism trying to survive the virus of progressivism. She says, "I saw firsthand how government regulations impacted businesses negatively. I constantly felt that from Washington, D.C., and Sacramento, they were saying that I was everything wrong with our country, when all I was doing was creating jobs."

That's when she decided to venture to Washington, D.C., where she worked for six years learning the ins and outs of legislation and campaigning. She ended up working as a director for President Trump's inauguration ceremony, a job she managed while also finishing her MBA at Yale.

Fiscal responsibility isn't quite as sexy-sounding as free college for everyone.

One of the biggest lessons she learned working in Washington became the platform she is now running for office on: fiscal responsibility. She says, "In a family or a business, we don't suddenly act surprised when a budget comes up for the year. We get it done."

What a concept.

Still, fiscal responsibility isn't quite as sexy-sounding as free college for everyone. So, don't expect Elizabeth Heng to replace Ocasio-Cortez as the media darling anytime soon.