Florida man, 20, reportedly behind massive hack at Uber


Reuters said Uber made the man sign a nondisclosure agreement, and verified that the data had been erased.

Uber reportedly paid a hacker from Florida $100,000 under the guise of a bug bounty program to keep quiet about a data breach which exposed information belonging to 57 million users.

The hacker was described as a 20-year-old man in the report. Visit MarketWatch.com for more information on this news. Reuters did not discover the name of the hacker.

The ride-hailing app paid the man, whose identity is still unknown, and an anonymous accomplice to delete the data through a "bug bounty" programme, according to Reuters.

In order to cover the attack up, Uber used its bug bounty service hosted by HackerOne. A former executive at the firm, Katie Moussouris, said that such a high payment would have been an "all-time record".

If the payment was actually made via HackerOne bug bounty program, it was an unusual incident as it involved a hacker who stole data.

'It' Star Jack Dylan Grazer Joins DC Superhero Film 'Shazam!'
Jack Dylan Grazer starred in IT, which was the highest grossing horror film ever, with $694M worldwide. The movie will be produced by Peter Safran, who also produced Annabelle: Creation and Aquaman .

Five states and multiple countries are investigating the matter, The Hill reported. New CEO Dara Khosrowshahi said in November that Uber was wrong in covering it up, and said "We are changing the way we do business".

However, according to Reuters, it was one lone wolf - and a young U.S. citizen at that - who was responsible.

The payment was made through a bug hunter scheme called HackerOne, created to reward security researchers who identify weaknesses and issues in a company's software.

'The creation of a bug bounty program doesn't allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don't apply to them, ' Moussouris said.

In an August interview with Reuters, Sullivan, a former prosecutor and Facebook Inc security chief, said he integrated security engineers and developers at Uber 'with our lawyers and our public policy team who know what regulators care about'. One of them, physical security chief Jeff Jones, later told others he would have left anyway, sources told Reuters.