Uber says 1.2m Aussies compromised in breach

Uber has revealed the personal information of 1.2 million Australians was compromised in the 2016 hack on the company.

The ride sharing firm disclosed the breach - which impacted 57 million of its users and drivers globally - in late November, despite having known about it since the incident occurred in October 2016.

It paid the attackers US$100,000 at the time to delete the stolen data and keep quiet.

The data that was stolen included the names, email addresses and mobile phone numbers of customers, as well as names and drivers licence numbers of 600,000 US-based drivers.

On Friday Uber said it had informed the Australian Privacy Commissioner that approximately 1.2 million Australian users had been impacted by the breach.

The company is not individually notifying those affected. 

It said it had no evidence that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded, nor that any fraudulent activity had resulted from the breach. 

Uber said it doesn't believe users need to take any action, but urged customers to let the company know through its help centre if they identify any unusual behaviour.

"We are monitoring the affected accounts and have flagged them for additional fraud protection," it said.

An Uber spokesperson said the company was "happy to answer any questions regulators may have".

"We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to regain the trust of consumers."

The attackers managed to gain access into the private Github repository of Uber software developers and use the credentials located within to access data stored on an Amazon Web Services server.

The two Uber workers who led the response to the incident - chief security officer Joe Sullivan and one of his deputies - were let go.