科技公司優(yōu)步21日表示,該公司曾向黑客支付10萬美元(約合人民幣66萬元),以掩蓋發(fā)生在2016年的一起大規(guī)模信息泄露事件。此次事件導致優(yōu)步5700萬名用戶的個人信息外泄。
Discovery of the cover-up resulted in the firing of two employees responsible for its response to the hack, said Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August.
今年8月接替優(yōu)步聯(lián)合創(chuàng)始人特拉維斯•卡蘭尼克出任該公司首席執(zhí)行官的達拉•科斯羅薩西稱,發(fā)現(xiàn)有人隱瞞實情后,優(yōu)步解雇了兩名涉事員工。
"None of this should have happened and I will not make excuses for it," Khosrowshahi said in a blog post.
科斯羅薩西在博客中表示:“這些事情不應該發(fā)生,我不會為此找借口。”
The breach occurred in October 2016 but Khosrowshahi said he had only recently learned of it.
他稱,這起信息泄露事件發(fā)生在2016年10月,不過他最近才了解實情。
The stolen information included names, email addresses and mobile phone numbers of Uber users around the world and the names and license numbers of 600,000 US drivers, Khosrowshahi said.
科斯羅薩西說,被竊取的信息包括全球優(yōu)步用戶的姓名、郵箱和電話號碼,以及60萬美國優(yōu)步司機的駕照號。
Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring, Uber said.
優(yōu)步表示,乘客不必擔心,因為沒有證據(jù)表明有人借此詐騙,不過他們會向駕照號被盜的司機提供免費的身份竊取保護和信用檢測服務。
Bloomberg News first reported the data breach on Tuesday.
彭博新聞社21日率先報道了這次數(shù)據(jù)泄露事件。
Khosrowshahi said Uber had begun notifying regulators. The New York attorney general has opened an investigation, a spokeswoman said. Regulators in Australia and the Philippines said on Wednesday they would look into the matter.
科斯羅薩西稱,優(yōu)步已經(jīng)在通知監(jiān)管部門。一位女發(fā)言人表示,紐約總檢察長已對此事展開調(diào)查。澳大利亞及菲律賓的監(jiān)管機構(gòu)22日稱,他們將調(diào)查此事。
Uber said it had fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, this week because of their role in the handling of the incident. Sullivan, formerly the top security official at Facebook Inc and a federal prosecutor, served as both security chief and deputy general counsel for Uber.
優(yōu)步稱,因為在這起事件中處置不力,該公司首席安全官喬伊•沙利文及其副手克雷格•克拉克本周已被解雇。沙利文是優(yōu)步安全主管兼副總顧問,曾任臉書網(wǎng)首席安全官及聯(lián)邦檢察官。
Kalanick learned of the breach in November 2016, a month after it took place, a source familiar with the matter told Reuters. At the time, the company was negotiating with the US Federal Trade Commission over the handling of consumer data. A board committee had investigated the breach and concluded that neither Kalanick nor Salle Yoo, Uber’s general counsel at the time, were involved in the cover-up, another person familiar with the issue said. The person did not say when the investigation took place.
據(jù)知情人士向路透社透露,優(yōu)步前首席執(zhí)行官卡蘭尼克在2016年11月,也就是事件發(fā)生一個月后得知情況。當時,該公司正在與美國聯(lián)邦貿(mào)易委員會就如何處理消費者數(shù)據(jù)進行協(xié)商。據(jù)另一名知情者透露,公司董事委員會對這起泄露進行了調(diào)查,結(jié)論是卡蘭尼克及時任優(yōu)步法律總顧問的薩爾都與隱瞞不報的行為無關(guān)。該知情者并沒有說明調(diào)查是何時進行的。
Uber said on Tuesday it was obliged to report the theft of the drivers’ license information and had failed to do so.
優(yōu)步21日表示,該公司有義務將司機駕照信息被盜的事件上報,但卻未能盡到義務。
Kalanick, through a spokesman, declined to comment. The former CEO remains on the Uber board of directors, and Khosrowshahi has said he consults with him regularly.
卡蘭尼克通過其發(fā)言人表示,對此拒絕置評。他現(xiàn)在仍是優(yōu)步董事會成員,而科斯羅薩西曾表示,自己經(jīng)常會向卡蘭尼克咨詢。
Although payments to hackers are rarely publicly discussed, US Federal Bureau of Investigation officials and private security companies have told Reuters that an increasing number of companies are paying criminal hackers to recover stolen data.
雖然向黑客付款的事情很少公開,但美國聯(lián)邦調(diào)查局官員及私人安保公司告訴路透社,為了恢復被盜數(shù)據(jù),越來越多的公司向黑客犯罪分子支付贖金。
“The economics of being a bad guy on the internet today are incredibly favorable,” said Oren Falkowitz, co-founder of California-based cyber security company Area 1 Security.
加州網(wǎng)絡(luò)安全公司Area 1 Security聯(lián)合創(chuàng)始人奧倫•法爾科維茨表示:“如今,在互聯(lián)網(wǎng)上作惡非常有利可圖。”
Uber has a history of failing to protect driver and passenger data. Hackers previously stole information about Uber drivers and the company acknowledged in 2014 that its employees had used a software tool called “God View” to track passengers.
優(yōu)步此前就有過未能保護好司機及乘客數(shù)據(jù)的歷史。黑客曾竊取過優(yōu)步司機的信息。該公司2014年承認,其員工利用一款名為“上帝視角”的軟件工具追蹤乘客。
Khosrowshahi said on Tuesday he had hired Matt Olsen, former general counsel of the US National Security Agency, to restructure the company’s security teams and processes. The company also hired Mandiant, a cybersecurity firm owned by FireEye Inc, to investigate the breach.
科斯羅薩西21日表示,他已經(jīng)聘請了美國國家安全局前法律總顧問馬特•奧爾森,重新規(guī)劃公司的安全團隊和措施。優(yōu)步還雇傭了火眼公司旗下的網(wǎng)絡(luò)安全公司曼蒂恩特調(diào)查這次信息泄露事件。