Uber paid hacker $100G to keep data breach past year a secret

Uber paid hacker $100G to keep data breach past year a secret

A Florida man, who is 20, was responsible for the data breach past year at Uber Technologies and was paid by the company to destroy that data through what is known as a bug bounty program that is normally used in identifying vulnerabilities, said three sources who are familiar with this situation. Uber paid him $100,000 through a "bug bounty" program to destroy the data, Reuters said. A new report from Reuters says that a Florida man, 20, was behind the massive hack. Sources familiar with the hack have told Reuters that the payment was made through a program created to reward bug hunters who report flaws.

New Uber CEO Dara Khosrowshahi fired a pair of top Uber security officials when the company announced the incident, saying regulators should have been told when the breach was discovered, approximately one year prior.

It is widely believed that CEO Travis Kalanick was aware of the breach and bug bounty payment in November of a year ago.

The high payment through a bug bounty programme should have raised a few alarm bells. Uber's bug bounty service is hosted by HackerOne, a company that connects security researchers with companies.

More news: Police officer and 91-year-old woman die after Hare Hatch crash

Uber declined to pursue criminal charges after determining that the person didn't pose an additional threat and eventually paid the hacker after confirming their identity and making them sign a nondisclosure agreement, Reuters reported. The hacker further paid a second person who offered his services in accessing GitHub to obtain credentials for accessing Uber's data.

Uber has come under fire since disclosing the data breach last month more than a year after the fact, and the incident is now being reviewed by state and federal regulators in the USA and overseas.

"None of this should have happened, and I will not make excuses for it", Khosrowshahi, said in a blog post announcing the hack last month. It is unclear whether Clark informed Uber's legal department, which typically handled disclosure issues.

Once he became aware of the hack, Khosrowshahi reportedly sacked the company's chief security officer and one of his deputies for their roles in hiding the hack, as well as for making the payment.

Related Articles