learningandfinance.com


Business

Uber paid 20-year-old Florida man to keep data breach secret

Share
Uber Paid 20-Year-Old Florida Man To Keep Data Breach Secret Sources

Uber revealed last month that hackers stole data on more than 57 million riders and drivers in October 2016.

Stolen details included customer names, email addresses and phone numbers from around the world, although credit card details, bank account numbers and dates of birth were not believed to have been accessed.

Three people familiar with the incident said an unidentified Florida man contacted Uber after breaching a server in October and stealing information including the names and email addresses of ride-share users in the US and overseas, Reuters reported Wednesday. Sources familiar with the hack have told Reuters that the payment was made through a program created to reward bug hunters who report flaws.

HackerOne subsequently paid the person $100,000 in exchange for erasing the stole Uber data, the sources told Reuters.

Dara's Machiavellian moment: Did Khosrowshahi reveal details of the hack in part to throw Travis Kalanick under the bus (or car)?

Why and When Hugh Jackman Turned Down James Bond
But Jackman turned down the part and the rest, as they say, is history. "I always tried to do different things", he said.

Senior UN official in North Korea to meet top leaders
The report said the two sides exchanged views on cooperation between the North and the U.N. Secretariat and U.N. assistance to the country, as well as other issues of mutual concern.

Putin says Russian Federation won't prevent athletes from competing in Pyeongchang
While the Kremlin denies the existence of any state-run doping program, Putin appeared to soften criticism of the investigation. Asked if it's a "done deal" that USA athletes will be able to attend the Olympics, Haley said: "There's an open question".

Uber ended up firing its chief security officer Joe Sullivan and attorney Craig Clark over their roles in the data breach, so it looks like the company isn't exactly chuffed with how the situation was handled, even though it has yet to comment on the revelations Reuters' sources have been serving up.

Uber declined to pursue criminal charges after determining that the person didn't pose an additional threat and eventually paid the hacker after confirming their identity and making them sign a nondisclosure agreement, Reuters reported.

Uber spokesman Matt Kallman declined to comment, the report said. Uber's "bug bounty" service, a program known in the industry, is hosted by HackerOne, a company that offers its platform to several tech companies, the report said.

Uber has said hackers accessed names and email addresses, as well as the drivers' license numbers of 600,000 Uber drivers, by stealing the password to a cloud database hosted by Amazon Web Services.

In an August interview with Reuters, Sullivan, a former prosecutor and Facebook Inc security chief, said he integrated security engineers and developers at Uber 'with our lawyers and our public policy team who know what regulators care about'.

Share