Wednesday, November 22, 2017

Another Day, Another Uber Scandal : Uber Concealed Cyberattack That Exposed 57 Million People’s Data

On a day when the world's media was concentrating on Zimbabwe and the resignation of Robert Mugabe, Uber released the news they've been covering up for over a year: the hacking of the personal details of 57m customers and drivers. They probably chose today thinking it would roll down the order of play.


This from Bloomberg:
Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing company ousted Joe Sullivan, chief security officer, and one of his deputies for their roles in keeping the hack under wraps.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card details, trip location info or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

“None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. “We are changing the way we do business.”

Hackers have successfully infiltrated numerous companies in recent years. The Uber breach, while large, is dwarfed by those at Yahoo, MySpace, Target Corp., Anthem Inc. and Equifax Inc. What’s more alarming are the extreme measures Uber took to hide the attack. The breach is the latest explosive scandal Khosrowshahi inherits from his predecessor, Travis Kalanick.

Kalanick, Uber’s co-founder and former CEO, learned of the hack in November 2016, a month after it took place, the company said. Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data. Kalanick declined to comment on the hack.

Sullivan spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year. Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.

Here’s how the hack went down: 

Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

A patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur. Uber said it was obligated to report the hack of driver’s license information and failed to do so.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

Uber has earned a reputation for flouting regulations in areas where it has operated since its founding in 2009. The U.S. has opened at least five criminal probes into possible bribes, illicit software, questionable pricing schemes and theft of a competitor’s intellectual property, people familiar with the matters have said. The San Francisco-based company also faces dozens of civil suits. London and other governments have taken steps toward banning the service, citing what they say is reckless behavior by Uber.

In January 2016, the New York attorney general fined Uber $20,000 for failing to promptly disclose an earlier data breach in 2014. After last year’s cyberattack, the company was negotiating with the FTC on a privacy settlement even as it haggled with the hackers on containing the breach, Uber said. The company finally agreed to the FTC settlement three months ago, without admitting wrongdoing and before telling the agency about last year’s attack.

The new CEO said his goal is to change Uber’s ways. Uber said it informed New York’s attorney general and the FTC about the October 2016 hack for the first time on Tuesday. Khosrowshahi asked for the resignation of Sullivan and fired Craig Clark, a senior lawyer who reported to Sullivan. The men didn’t immediately respond to requests for comment.

The company said its investigation found that Salle Yoo, the outgoing chief legal officer who has been scrutinized for her responses to other matters, hadn’t been told about the incident. Her replacement, Tony West, will start at Uber on Wednesday and has been briefed on the cyberattack.

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said in the emailed statement.

Uber said it has hired Matt Olsen, a former general counsel at the National Security Agency and director of the National Counterterrorism Center, as an adviser. He will help the company restructure its security teams. Uber hired Mandiant, a cybersecurity firm owned by FireEye Inc., to investigate the hack.

The company plans to release a statement to customers saying it has seen “no evidence of fraud or misuse tied to the incident.” Uber said it will provide drivers whose licenses were compromised with free credit protection monitoring and identity theft protection.

Source Bloomberg
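
The exposure Bloomberg describes, cloud credentials sitting in a code repository, is what a pre-commit or CI secret scan is meant to catch. The following is an added example, not part of the original post or the Bloomberg report: it assumes the credentials were AWS access keys (the article says only "login credentials"), and its sample input is constructed from the placeholder keys published in AWS's own documentation.

```python
import math
import os
import re

# Access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret-key candidates: exactly 40 base64-alphabet characters, not a longer run.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")


def shannon_entropy(s):
    """Bits per character; 40 hex chars (e.g. a git SHA-1) cannot exceed 4.0."""
    return -sum((n / len(s)) * math.log2(n / len(s))
                for n in (s.count(c) for c in set(s)))


def redact(value):
    """Keep only the first and last four characters so reports are safe to share."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(path, text, min_entropy=4.2):
    """Return (path, line number, kind, redacted value) for each suspected key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in KEY_ID_RE.finditer(line):
            findings.append((path, lineno, "aws_access_key_id", redact(m.group())))
        for m in SECRET_RE.finditer(line):
            # The entropy floor drops hex digests and other low-variety strings.
            if shannon_entropy(m.group()) >= min_entropy:
                findings.append(
                    (path, lineno, "possible_aws_secret_key", redact(m.group())))
    return findings


def scan_tree(root):
    """Scan every file under root, skipping git's own object store."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="ignore") as fh:
                findings.extend(scan_text(full, fh.read()))
    return findings


# Constructed sample file; the two key values are AWS documentation placeholders
# and the commit hash is made up to show a 40-character string that is not a key.
SAMPLE = """\
# deploy/settings.py (constructed sample, not from any real repository)
BUCKET = "example-backups"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
BUILD_COMMIT = "3f2a9c1d4e5b6f708192a3b4c5d6e7f8091a2b3c"
"""

if __name__ == "__main__":
    for finding in scan_text("deploy/settings.py", SAMPLE):
        print(*finding, sep="\t")
```

The secret-key match is a heuristic that produces candidates for review; any key confirmed in a repository should be rotated, since it remains in the commit history after the file is edited.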



Tuesday, November 21, 2017

The Scandal Continues : Criminals Driving For Uber In Southend Revoked ... But In London It's Carry On Regardless

The scandal continues :
We've been told, via the media, that TfL knew there were 13,000 Uber drivers with fake DBS certificates back in January 2017.

We also know that TfL were informed around this time about two Uber drivers working in Southend who had lost their Southend licenses due to criminal conviction and were subsequently licensed by TfL.

Southend council found two local cab drivers, who had previously been stripped of their licences, were using the Uber app to pick up passengers in the area. Nasser Hussain, 60, and Nisar Abbas, 37, had been found to be sharing penalty points for traffic offences with other drivers in order to avoid being banned.

Despite this, they were able to get new private hire licences from Transport for London and work using the Uber app in Southend, even though Uber doesn't have an operators’ licence there. 

Tony Cox, Southend council’s cabinet member for transport, said the legislative loophole left the local authority “impotent to protect the public”. But the public could be better protected if TfL did their job properly. 

Why Just Two Out Of 13,000?
The drivers' criminal history was pointed out to TfL in February 2017 by a local Southend drivers association and their licenses were revoked... but why just the two?

Were TfLTPH hoping this would satisfy media interest and sweep the rest of this scandal under the carpet ?

Mayor's question time 22nd of March 2017 : 
 Keith Prince AM asked the question:

Sadiq Khan answered: 

Why hasn't more been done about the other 13,000 ? 

Are TfL hoping this will all blow over ?

Why did Helen Chapman gamble with public safety ? 


Still the Uber Scandal Continues
Uber under fire in Colorado, for hiring drivers with criminal records. 

Monday, November 20, 2017

Uber Driver Accused Of Sex Assaults Loses Private Hire Licence


An Uber taxi driver accused of sexually assaulting two of his passengers in Leeds has lost an appeal to keep his private hire licence.

Naveed Iqbal and his brother were both Uber drivers, using the same VW people carrier to pick up fares

Leeds City Council claims Naveed Iqbal used his brother's Uber driver login while he was away and assaulted two women on separate occasions.

The city's crown court heard no charges had been brought, but a judge said it was him who carried out the attacks "on the balance of probabilities". 

He was told to pay £1,500 in fees.

Mr Iqbal, 39, shared a Volkswagen Sharan people carrier with his brother, also an Uber driver, and picked up fares at night while his sibling worked in the day.

The court heard two women were picked up in Leeds city centre after nights out in December 2015, with the women sitting in the front passenger seat on both occasions. 
Providing evidence via video-link, one woman said she fell asleep in the cab and woke up to find the driver of the vehicle fondling one of her breasts. 

'Technical fault' defence

Another told the court she was taken to a dark road near her home and the Volkswagen's driver "put his hands on my chest and under my clothes".

Leeds City Council found the Uber driver account logged in at the time of the assaults belonged to Mr Iqbal's brother, but he was in Pakistan at the time.

Mr Iqbal denied using his brother's Uber login and sexually assaulting the two women, blaming a "technical fault" on the phone or the Uber app. 

Leeds Crown Court heard two women were picked up in Leeds city centre after nights out in December 2015 and assaulted

Judge Simon Batiste told him the vehicle which picked the women up was "only ever used by two people" and one was out of the country.

Dismissing his appeal to retain his licence, he said: "We are satisfied that he is not a fit and proper person to hold a licence.

"He's extremely fortunate that criminal charges have not been brought against him."

Source : Reuters 

What's More Important...Having A Working CC Unit, Or Having Genuine DBS Clearance???

Taxi and Private Hire Compliance Officers check for working card terminals when carrying out their on-street spot checks. 40,000 compliance checks carried out on London Taxis since 31 October 2016. Officers found a problem with the card machine on just 300 occasions.

TfL have again shown their total bias against London's Taxi Trade. A statement contained in an FOI response about CC acceptance, after receiving just 192 complaints of which only one third were upheld (that's just 64), says:

“Each case is individually assessed and may result in the driver receiving a warning or suspension of their licence and/or the vehicle being issued with an 'unfit notice'; this means that the vehicle cannot be used as a licensed taxi until it is shown to have an approved functioning."

Figures released in response to a Freedom of Information request suggest that the overwhelming number of drivers are in fact complying with the new rules.

But TfLTPH's General Manager Helen Chapman had happily allowed 13,000 Uber drivers to carry on working, knowing (since January 2017) they did not have the proper approved enhanced criminal record checks.

How many Taxi drivers have been thrown out of work for months while waiting for DBS checks when renewing their licenses? 

Told by Helen Chapman "I couldn't live with myself should a cabby commit a crime while working without a complete DBS".

Her department gave the 13,000 drivers 28 days to reapply with authorised DBS certificates. It has been revealed that less than 20% of the 13,000 have actually reapplied and still Helen Chapman's department have taken no action to suspend the Uber drivers without genuine criminal record checks in place. She seems more concerned that Taxi drivers may be committing the heinous crime of working with a credit card reader which isn't functioning properly. 

And to that effect, TfLTPH are employing over 300 compliance officers to make sure Taxi drivers have working, authorised units supplied by (in the late deputy Mayor Dedring's own words) TfL Golden partners.

Since the 31st of October 2016, after 40,000 compliance checks carried out on street, less than one percent have been found not to be working. Is this not a complete waste of our licence fee???

While 40,000 compliance checks have been made on Taxis found standing in the street, hundreds of serious sexual assaults, including rapes, have taken place in private hire vehicles, many working without the correct DBS clearance. This is scandalous and must not be allowed to continue. 


Those of you who are very observant will have noticed that TfL took the liberty to photoshop out the #TaxiApp livery on Scott Wolsey's Taxi in the new issue of TfL's online publication "OnRoute", while allowing Geely and Dial a Cab liveries to be shown on other pages.

What have TfL got against a Taxi App, run by Taxi drivers exclusively for Taxi drivers???

        This is what Scott's Taxi normally looks like.

         Driven By Knowledge, Black Cab's Only 

Sunday, November 19, 2017

Open Letter To Deputy Mayor Val Shawcross In Regards To Uber Driver Sexual Assault Figures.

Dear Deputy Mayor Shawcross
It has been brought to Taxi Leaks' attention that in reply to a letter sent to you by Jackie Doyle-Price MP in late 2016, an untrue statement was made which damaged and stopped the advancement of a campaign for the safety of the public using private hire cars.

In a response to a constituent's letter, the statement was made:
It should be noted that there are complaints of sexual assaults against Black Cab drivers as much as Private Hire

TfL have now published statistics which confirmed that in the year in question (2016) there were no such sexual assaults from Black Cab drivers and that Uber drivers were responsible for more than half of the 164 reported sexual attacks. 

Is the Mayor a man of his word???
When campaigning for Mayor's job, Sadiq Khan said he would suspend Uber immediately if it emerged just a single driver did not hold genuine paper work!
What will he do now it's become clear that 13,000 have worked while not holding genuine paper work???

Uber are still spouting the lie that all their drivers have gone through the same enhanced DBS checks as Black Cab drivers. 

In January this year as I'm sure you know, 13,000 of Uber's drivers were found to have submitted inadequate DBS certificates. Unfortunately for many victims, TfL took the strange decision to say and do nothing, that is until an exposé appeared in the media. These 13,000 drivers were given 28 days by TfL to resubmit, but we've subsequently found out that only 2,642 have in fact resubmitted. We've also been informed that TfL have sent out no suspension or revocation notices to drivers having failed to resubmit genuine DBS certificates. This is totally unacceptable.

Until this matter is dealt with comprehensively, the public are indeed playing Russian Roulette when eHailing unsafe Uber vehicles.

The Mayor made a statement at the MQT held in City Hall, 16th November 2017. In answer to a question from assembly member Kurten, he said "any driver who hasn't reapplied should not be working."

It is felt that the statement scuppered a campaign that could possibly have resulted in many sexual attack victims being protected from having to go through a life shattering experience. 

I look forward to your reply. 

Regards James Thomas
Editor, Taxi Leaks
Licensed Taxi Driver, 44 years service


Even more alarming is the information below -taken from Twitter- which alleges TFL's TPH General Manager, Helen Chapman, has broken acceptable protocol and been 'tipping off' Uber. 

Friday, November 17, 2017

Calls For Uber Licence To Be Revoked After Sexual Offence Figures Published By TfL.

Sexual offence figures from the Met police, compiled by Transport for London, show that the number of taxi and private hire journey-related sexual offences hit 164 in the capital last year. It was also pointed out that there were none reported in Taxi journeys.

The figures on the TfL website are alleged to have been dumbed down (again) as they are lower than the figures gained by FOI request and published earlier this year.

What TFL's figures actually show, is that over half of all offences were committed by Uber drivers.

Back in August, emails in the Sunday Times showed alleged offences include causing death by dangerous driving, careless driving, drink-driving, driving without insurance and speeding.

In the emails, which were written on July 7, Met Inspector Neil Billany raised 'concerns with Uber as an operator'.

In a letter obtained by The Sunday Times, Inspector Billany, head of the Metropolitan police’s taxi and private hire unit, said he had “significant concern” that Uber seemed to be “deciding what crimes to report”, telling police only about “less serious matters” that would be “less damaging to [its] reputation”.

Billany accused Uber of “allowing situations to develop that clearly affect the safety and security of the public” by keeping from police crimes committed by drivers — including at least six sexual assaults on passengers, two public order offences and an assault.

In at least one of the sex cases, Uber continued to employ the driver, who went on to commit a more serious sex attack against a second woman passenger.

Billany said: “Had Uber notified police after the first offence, it would be right to assume the second would have been prevented.”

The victims complained to Uber and were left “strongly under the impression” it would tell police, but it did not do so, he added.

In the year to February 2017, Scotland Yard recorded 48 allegations of sexual assault involving Uber drivers, mostly reported by passengers but some made via the regulator, Transport for London (TfL).

Billany said Uber’s failure to report the public order cases meant the Met learnt too late to prosecute.

The letter — dated April 17 and sent to Helen Chapman, head of taxis and private hire at TfL — was obtained under the Freedom of Information Act by the chairwoman of the London Assembly’s transport committee, Caroline Pidgeon.

She said she was “deeply concerned”, adding: “This apparent cover-up of reports about such serious criminal activity is shameful.”

Convictions (11) are a sad reflection of the true number of offences (164).
Plus we must never forget that 90% of sexual attacks (80% of actual rapes) are never reported....that's the true cost of a cheap ride home.


Also in TFL's release today, under the title 'Action against offenders', they state: 

Where the suspect is a TfL licensed taxi or private hire driver, and we are notified by the police of an allegation, we immediately assess whether there is a risk to public safety. We may immediately suspend the driver's licence prior to charge or conviction, if we believe that is required in the interests of public safety.

We would take it from this that a prison sentence for theft and fraud isn't enough to see an Uber driver's TfL Licence revoked after five Uber drivers were convicted and sentenced last week. All five are still registered on TfL's website as PH drivers.