Florida man, 20, reportedly behind massive hack at Uber

Share

Reuters said Uber made the man sign a nondisclosure agreement, and verified that the data had been erased.

Uber reportedly paid a hacker from Florida $100,000 under the guise of a bug bounty program to keep quiet about a data breach which exposed information belonging to 57 million users.

The hacker was described as a 20-year-old man in the report. Visit MarketWatch.com for more information on this news. Reuters did not discover the name of the hacker.

The ride-hailing app paid the man, whose identity is still unknown, and an anonymous accomplice to delete the data through a "bug bounty" programme, according to Reuters.

In order to cover the attack up, Uber used its bug bounty service hosted by HackerOne. A former executive at the firm, Katie Moussouris, said that such a high payment would have been an "all-time record".

If the payment was actually made via HackerOne bug bounty program, it was an unusual incident as it involved a hacker who stole data.

Senior UN official meets North Korea's deputy foreign minister
The UN Under Secretary-General for Political Affairs met North Korea's Foreign Minister in Pyongyang on Thursday. North Korean officials rarely brief the media on the content of discussions with foreign dignitaries.

Five states and multiple countries are investigating the matter, The Hill reported. New CEO Dara Khosrowshahi said in November that Uber was wrong in covering it up, and said "We are changing the way we do business".

However, according to Reuters, it was one lone wolf - and a young U.S. citizen at that - who was responsible.

The payment was made through a bug hunter scheme called HackerOne, created to reward security researchers who identify weaknesses and issues in a company's software.

'The creation of a bug bounty program doesn't allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don't apply to them, ' Moussouris said.

In an August interview with Reuters, Sullivan, a former prosecutor and Facebook Inc security chief, said he integrated security engineers and developers at Uber 'with our lawyers and our public policy team who know what regulators care about'. One of them, physical security chief Jeff Jones, later told others he would have left anyway, sources told Reuters.

Share