ibusinesslines.com
ibusinesslines.com December 18, 2017


Uber paid 20-year-old man to keep data breach secret

07 December 2017, 05:54 | Kelvin Horton

Uber announced personal data of 57 million passengers were stolen in a breach in 2016

Uber Paid 20-Year-Old Florida Man To Keep Data Breach Secret Sources

A Reuters report citing sources familiar with the matter claims that a 20 year-old from Florida was responsible for Uber's 2016 data breach.

HackerOne subsequently paid the person $100,000 in exchange for erasing the stole Uber data, the sources told Reuters.

Sources familiar with the hack told Reuters the payment was made through a program created to reward bug hunters who report flaws in a company's software.

The allegation will make life more hard for Uber CEO Dara Khosrowshahi, who had only became aware of the breach recently, as he had only joined the company in August. He stepped down as Uber CEO in June and has taken a vow of silence too.

In order to cover the attack up, Uber used its bug bounty service hosted by HackerOne.

Uber declined to pursue criminal charges after determining that the person didn't pose an additional threat and eventually paid the hacker after confirming their identity and making them sign a nondisclosure agreement, Reuters reported.


The most interesting part, which is hacker's description according to a source - "Living with his mom in a small home trying to help pay the bills". "Our recommendation is to never store access tokens, passwords, or other authentication or encryption keys in the code", that company said in a statement. The pilfered data included personal information such as names, email addresses and driver's license numbers, but not Social Security numbers and credit card information, the company said.

Moussouris added that the failure to report the breach was a grievous error: "The creation of a bug bounty program doesn't allow Uber, their bounty service provider or any other company the ability to decide that breach notification laws don't apply to them". The breach occurred in October 2016, but was not revealed until last month.

Sullivan and Clark did not respond to requests for comment.

The revelation has gotten the startup in hot water with regulators and prosecutors.

Last week, three more top managers in Uber's security unit resigned. The bounty program is meant to reward security researchers who bring bugs to the company's attention so that a fix can be put into place.



Other News

Trending Now

Russia Will Support Its 'Neutral' Athletes At Winter Olympics, Says Mutko
The International Olympic Committee issued such punishment for systematic doping in previous Olympic Games. "To participate in the Olympics is an athlete's right".

Mother of man burnt alive wants guilty punished
Internet services have been suspended in parts of the state and people have been urged to stop sharing the video. In a second video, the man is seen justifying the incident to "protect the honour of Hindus against Muslims ".

Huawei Nova 2s launched with 6-inch display and Kirin 960 chipset
Coming to the pricing, the Huawei Nova 2s is priced at 2699 Yuan for the 4GB RAM variant and is now available for registrations. On the front, the Nova 2s comes with a wide-angle 20-megapixel lens and another 2-megapixel camera for portrait selfies.

House Intelligence committee questions Donald Trump Jr. on Russian Federation contacts
Mike Conway (R-Texas) had a different view on the interview, which lasted from 10 a.m.to 6 p.m., with a few breaks along the way. The interview is being held behind closed doors, and Trump Jr. arrived out of sight of cameras through a back entrance.

Saif Ali Khan states he won't mind releasing Kaalakaandi with Padmavati!
About why he chose to get into the digital space with Sacred Games, Saif Ali Khan said, "It is the future of movies". The film which already had it's share of tiff with Censor Board and delays will now hit theatres on January 12th.

Nicehash Hacked: $62 Million In Bitcoin Stolen
Another NiceHash user Philip Richardson tweeted: "If I don't get my btc back I will never use your service again". Hackers have plundered a digital currency exchange, stealing millions of pounds worth of customers' Bitcoin .

Dallas Sheriff Lupe Valdez to run for governor; announcement today in Austin
At the Texas Democratic Party Headquarters on Wednesday morning, Lupe Valdez filed the paperwork to run for Governor. Customs Service, and the Department of Homeland Security-before being elected Dallas County sheriff in 2004.