Millions of users of Uber ride-sharing company in Saudi Arabia, China and Russia are in extreme security risk as their information as well movement details are secretly passed to intelligence agencies in Iran, Ukraine and Western countries. It is also learnt that several intelligence agencies are heavily bribing the Uber drivers in installing hidden cameras and microphones inside their vehicles enabling the “client agencies” in listening and watching everything of their targeted individuals.
It may be mentioned here that, nearly after six years, Uber has officially admitted of hiding a 2016 data breach which impacted more than 57 million users worldwide, while in my opinion, terrorist and jihadist outfits might have taken advantage of this breach in gathering strategic information on their targets. By hiding such dangerous information, Uber certainly has committed serious crime.
According to media reports, to avoid criminal prosecution, the notorious ridesharing company has admitted that its personnel “failed to report the November 2016 data breach”, in spite of a concurrent investigation by the Federal Trade Commission (FTC) into Uber’s data security at the time.
The United States Department of Justice (DOJ) said Uber has “accepted responsibility for the acts of its officers, directors, employees, and agents in concealing its 2016 data breach”, and has agreed to pay US$148 million for civil litigation related to the incident.
This indelible data breach exposed unprecedented amounts of Uber’s data, including 600,000 US drivers’ license numbers and the information of those over 57 million users.
Uber initially issued a US$100,000 ransom payout in an attempt to destroy the leaked information and keep the attackers quiet, however, this decision ultimately backfired into a slew of long-running legal repercussions.
The data breach remained undisclosed for a full year before finally being reported to government authorities by the then newly-appointed CEO, Dara Khosrowshahi.
In a blog post published in late 2017, Khosrowshahi said “None of this should have happened, and I will not make excuses for it”.
The attack was launched by two hackers, Brandon Glober and Vasile Mereacre, who utilized a collection of stolen credentials to infiltrate Uber’s systems.
Court documents reveal the two men used a sophisticated, “custom-built Github account checker tool” which took existing exposures of corporate login credentials from other websites and tested them against GitHub’s service.
After using this tool to gain access to Uber’s sensitive data, the two men contacted the company’s then Chief Security Officer, Joe Sullivian, and demanded the US$100,000 ransom in Bitcoin, which Uber management agreed to pay.
But surprisingly, Joe Sullivan was fired from Uber the following year, and in 2020, was charged with obstruction and failing to report a felony to authorities.
He is currently scheduled for a criminal trial with the Northern District of California in September.
While the recent non-prosecution agreement with the DOJ entails a long-awaited settlement between Uber and United States parties tied to the breach, the impacts of this 2016 attack are not confined to America alone.
Uber has faced ongoing scrutiny and investigations from around the globe for the breach, many of which have culminated in hefty penalties.
Among these was a fine £385,000 by the UK Information Commissioner’s Office, as well as a ruling of several Australian Privacy Principle violations by the Office of the Australian Information Commissioner (OAIC) in 2021.
Although Uber claims to have “heavily increased its commitments to security and compliance over the past six years”, according to information, since February this year, Ukrainian and Western intelligence agencies are gathering sensitive information on Uber users from China and Russia, while Iranian intelligence agencies began obtaining similar information either by bribing Uber officials, or by infiltration into its system through hackers.
The source further said, Uber drivers are not only collaborating the Ukrainian and Western intelligence agencies by placing hidden cameras and microphone inside the vehicles, they also are providing further details of the locations and destinations of the users. It is also learnt; intelligence agencies are collecting fingerprints and DNA of the targeted Uber users in the aforesaid countries.
Uber services in Saudi Arabia, China and Russia
Back in 2021, in addition to its existing services, the California-based ride-sharing company Uber enabled its users in Saudi Arabia to avail the services of up to 30-days’ notice of ride reservation. The service called Hourly on Uber has been available in more than 1,000 cities and towns in the United States, which was introduced in “thousands of cities and towns” in Saudi Arabia as well as Europe, Latin American, Australia, and India.
As part of the partnership with Avis Budget Group Inc., Hertz, and other vehicle rental agencies, Uber apps users have been able to book a rental car and vehicle which would be delivered to them and returned once they are finished using it.
In 2021, Chinese ride-hailing giant Didi Global made its trading debut on the New York Stock Exchange after an initial public offering that had raise US$4.4 billion, valuing it at US$67.5 billion in the biggest share sale by a Chinese company in the United States.
According media reports, Didi Global absorbed Uber’s China business in 2016, where Uber retains a 12.8 percent stake in the firm, and on an average 25 million rides a day in the first three months of 2021 in China, where it is the dominant operator.
Uber in 2018 merged its operations in Russia and neighboring countries with those of Russian company Yandex. Its ownership stake in the joint venture, however, was diluted throughout the years and was down to 29 percent at the end of 2021. Although Uber announced of withdrawing from Russia due to the Ukraine war, Ukrainian and Western intelligence agencies have established contacts with a section of the drivers of the ride-sharing company with the target of obtaining strategic information on its Russian users.
