Uber reportedly paid a hacker from Florida $100,000 under the guise of a bug bounty program to keep quiet about a data breach which exposed information belonging to 57 million users.
The hacker was described as a 20-year-old man in the report. Visit MarketWatch.com for more information on this news. Reuters did not discover the name of the hacker.
The ride-hailing app paid the man, whose identity is still unknown, and an anonymous accomplice to delete the data through a "bug bounty" programme, according to Reuters.
In order to cover the attack up, Uber used its bug bounty service hosted by HackerOne. A former executive at the firm, Katie Moussouris, said that such a high payment would have been an "all-time record".
If the payment was actually made via HackerOne bug bounty program, it was an unusual incident as it involved a hacker who stole data.
In Amritsar, London Mayor says time for British to apologise for Jallianwala
Hundreds were killed by British soldiers in the 1919 atrocity. "Our thoughts are with all those who died", he wrote. India has been for decades demanding an apology for what is one of the bloodiest massacres in British history.
Five states and multiple countries are investigating the matter, The Hill reported. New CEO Dara Khosrowshahi said in November that Uber was wrong in covering it up, and said "We are changing the way we do business".
However, according to Reuters, it was one lone wolf - and a young U.S. citizen at that - who was responsible.
The payment was made through a bug hunter scheme called HackerOne, created to reward security researchers who identify weaknesses and issues in a company's software.
'The creation of a bug bounty program doesn't allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don't apply to them, ' Moussouris said.
In an August interview with Reuters, Sullivan, a former prosecutor and Facebook Inc security chief, said he integrated security engineers and developers at Uber 'with our lawyers and our public policy team who know what regulators care about'. One of them, physical security chief Jeff Jones, later told others he would have left anyway, sources told Reuters.