ibusinesslines.com
ibusinesslines.com July 20, 2018


Uber paid 20-year-old man to keep data breach secret

07 December 2017, 05:54 | Kelvin Horton

Uber announced personal data of 57 million passengers were stolen in a breach in 2016

Uber Paid 20-Year-Old Florida Man To Keep Data Breach Secret Sources

A Reuters report citing sources familiar with the matter claims that a 20 year-old from Florida was responsible for Uber's 2016 data breach.

HackerOne subsequently paid the person $100,000 in exchange for erasing the stole Uber data, the sources told Reuters.

Sources familiar with the hack told Reuters the payment was made through a program created to reward bug hunters who report flaws in a company's software.

The allegation will make life more hard for Uber CEO Dara Khosrowshahi, who had only became aware of the breach recently, as he had only joined the company in August. He stepped down as Uber CEO in June and has taken a vow of silence too.

In order to cover the attack up, Uber used its bug bounty service hosted by HackerOne.

Uber declined to pursue criminal charges after determining that the person didn't pose an additional threat and eventually paid the hacker after confirming their identity and making them sign a nondisclosure agreement, Reuters reported.


The most interesting part, which is hacker's description according to a source - "Living with his mom in a small home trying to help pay the bills". "Our recommendation is to never store access tokens, passwords, or other authentication or encryption keys in the code", that company said in a statement. The pilfered data included personal information such as names, email addresses and driver's license numbers, but not Social Security numbers and credit card information, the company said.

Moussouris added that the failure to report the breach was a grievous error: "The creation of a bug bounty program doesn't allow Uber, their bounty service provider or any other company the ability to decide that breach notification laws don't apply to them". The breach occurred in October 2016, but was not revealed until last month.

Sullivan and Clark did not respond to requests for comment.

The revelation has gotten the startup in hot water with regulators and prosecutors.

Last week, three more top managers in Uber's security unit resigned. The bounty program is meant to reward security researchers who bring bugs to the company's attention so that a fix can be put into place.



Other News

Trending Now

Light snow, rain chances continue overnight
Wednesday looking colder with lows in the upper 30s and few flurries during the afternoon with no accumulation. Highs today near seasonal hitting the lower 40s but winds will still be gusting at 15-20 miles per hour .

Call Of Duty WW2's Winter Siege Event Trailer And Details Unveiled
In addition to the weapons, there will be new winter supply drops, replacing rare supply drops for the duration of the event. The first holiday event for Call of Duty WW2 is set to kick off on December 8th, 2017.

The most expensive painting Da Vinci will appear in UAE
By then the painting was generally reckoned to be the work of a follower of Leonardo and not the work of Leonardo himself. The New York Times reports the mystery buyer was a little-known Saudi prince according to documents it reviewed.

Saif Ali Khan states he won't mind releasing Kaalakaandi with Padmavati!
About why he chose to get into the digital space with Sacred Games, Saif Ali Khan said, "It is the future of movies". The film which already had it's share of tiff with Censor Board and delays will now hit theatres on January 12th.

Nicehash Hacked: $62 Million In Bitcoin Stolen
Another NiceHash user Philip Richardson tweeted: "If I don't get my btc back I will never use your service again". Hackers have plundered a digital currency exchange, stealing millions of pounds worth of customers' Bitcoin .

PUBG On Xbox One Will Receive These Exclusive Cosmetic Packs
Ramshackle walls built to protect its residents now allow players ample cover to explore the well-stocked compound. The key to holding this town is bridge control, as it's the only direct route between mainland and the island.

Dallas Sheriff Lupe Valdez to run for governor; announcement today in Austin
At the Texas Democratic Party Headquarters on Wednesday morning, Lupe Valdez filed the paperwork to run for Governor. Customs Service, and the Department of Homeland Security-before being elected Dallas County sheriff in 2004.