Florida man, 20, reportedly behind massive hack at Uber

Uber paid to keep data breach secret: report

Uber paid a 20-year-old man from Florida $100,000 to delete the stolen personal details of 57m customers and drivers, 2.7m of whom were based in the UK.

Furthermore, Reuters reports that "Uber made the payment to confirm the hacker's identity and have him sign a nondisclosure agreement to deter further wrongdoing".

Uber hasn't identified the hacker it paid $100,000 to last year, but Reuters reports it's a 20-year-old man in Florida. Now, some new details have come to light regarding the hacker and how he was paid. Sources familiar with the hack have told Reuters that the payment was made through a program created to reward bug hunters who report flaws. Hopefully this will serve as a lesson to other companies going forward. Since that time, CEO Travis Kalanick stepped down and was replaced by Dara Khosrowshahi in August.

Uber declined to comment, while HackerOne representatives didn't immediately respond to a request for comment. The hacker further paid a second person who offered his services in accessing GitHub to obtain credentials for accessing Uber's data. It is important to note that while HackerOne hosts Uber's bug bounty program, it does not manage it, nor does it have a hand in setting Uber's prices for bounty payments.

Uber has said hackers accessed names and email addresses, as well as the drivers' license numbers of 600,000 Uber drivers, by stealing the password to a cloud database hosted by Amazon Web Services.

Uber received an email last year from an anonymous person demanding money in exchange for user data, and the message was forwarded to the company's bug bounty team in what was described as Uber's routine practice for such solicitations, according to three sources familiar with the matter.

Mr Khosrowshahi fired two of the company's security officials, chief security officer Joe Sullivan and attorney Craig Clark, for their failure to disclose the breach to law enforcement at the time, instead choosing to cover it up.

The revelation has gotten the startup in hot water with regulators and prosecutors.
