Uber has revealed that 2.7 million UK-based users (riders and drivers) likely had data stolen in a 2016 breach which saw 57 million records filched by hacker.
The company kept the hack quiet for the best part of a year after paying hackers approximately £75,000 to destroy the stolen data.
Uber has not provided any further details on users in other countries that have been affected with the exception of the US were an estimated 600,000 drivers had information stolen.
The breach involved the theft of names, mobile phone numbers and email addresses.
On its own this information is unlikely to pose a direct threat to those who had data stolen.
That said, if the data wasn’t destroyed it could be used in other scams such as phishing emails and bogus calls.
What you should do
If you use or have used the Uber app:
- Change your app password. If your password has been compromised changing it will render the compromised password useless for hackers
- If the same password is used on other accounts, you should change these passwords too
- Be alert to phishing emails. These are likely to mimic a known organisation. Since the stolen Uber information included phone numbers and driving licence information, this information could be used by scammers to make phishing emails more convincing
- Be vigilant to potential scam phone calls. If you receive a phone call that is suspicious, that is, some requests personal or security information, don’t give anything out and hang up. Importantly, when you pick up the phone again make sure there is a dial tone to make sure the caller is still not on the line.