20-year-old Florida man was behind Uber hack

Galtero Lara
Diciembre 7, 2017

The ride-hailing app paid the man, whose identity is still unknown, and an anonymous accomplice to delete the data through a "bug bounty" programme, according to Reuters.

A 20-year-old Florida man was responsible for the data breach at Uber last year, and was paid $100,000 to destroy the information, Reuters reported Wednesday.

Uber on November 21 announced that personal data of more than 57 million users including 600,000 of its drivers in the US, had been stolen by a breach that took place in October of 2016, and that it paid the person who hacked it $100,000 to have that information destroyed. The hacker further paid a second person who offered his services in accessing GitHub to obtain credentials for accessing Uber's data.

Uber said it paid $100,000 to the data thieves at the time to delete the information.

The payment was made through a bug hunter scheme called HackerOne, created to reward security researchers who identify weaknesses and issues in a company's software. As per a report by Reuters, the payment to the hacker was made via Uber's bug bounty program hosted by HackerOne.

More news: Huawei Nova 2s launched with 6-inch display and Kirin 960 chipset

The hacker wasn't a participant in the program, emailing Uber to demand money instead. Uber said it first became aware of the hack in November 2016.

Uber's CEO, Dara Khosrowshahi, said in a blog post about the breach that "two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use", and that no payment data was exposed. The New York State Attorney General has opened an investigation into the incident, while the New Mexico Attorney General has sent Uber a letter asking for details of the hack and how the company responded. It also conducted a forensic analysis of his machine to make sure the data had been completely removed.

Uber has come under fire since disclosing the data breach last month more than a year after the fact, and the incident is now being reviewed by state and federal regulators in the USA and overseas.

We've reached out to Uber for comment and will update when we hear back. Having fun yet? These stories get to the heart of the matter.

Otros informes por

Discuta este artículo

SIGUE NUESTRO PERIÓDICO