
UBER PAID A 20-YEAR-OLD TO KEEP DATA BREACH A SECRET


Date: 2017-12-07

A 20-year-old Florida man was responsible for the large data breach at Uber Technologies last year and was paid by the company to destroy the data through a so-called "bug bounty" programme normally used to identify small code vulnerabilities, three people familiar with the events have told Reuters. 

On November 21 Uber announced that the personal data of 57 million passengers and 600,000 drivers was stolen in a breach that occurred in October 2016, and that the company paid the hacker $100,000 to destroy the information. But Uber did not reveal any information about the hacker or how the company paid him that amount of money.

Uber made the payment through a programme designed to reward security researchers who report flaws in the company's software. Uber's bug bounty service – as such a programme is known in the industry – is hosted by a company called HackerOne, which offers its platform to a number of tech companies. 

Reuters was unable to establish the identity of the hacker or another person who sources said helped him. Uber spokesman Matt Kallman declined to comment on the matter.

Dara Khosrowshahi, the newly appointed Uber Chief Executive, fired two of Uber's top security officials when he announced the breach last month, stating the incident should have been disclosed to regulators at the time it was discovered, about a year before.

Sources said then-CEO Travis Kalanick was aware of the breach and bug bounty payment in November last year. Kalanick, who stepped down as Uber's CEO in June, declined to comment on the matter, according to his spokesman.

HackerOne hosts Uber's bug bounty programme but does not manage it, and plays no role in deciding whether payouts are appropriate or how large they should be.

HackerOne's CEO, Marten Mickos, said he could not discuss an individual customer's programs. "In all cases when a bug bounty award is processed through HackerOne, we receive identifying information of the recipient in the form of an IRS W-9 or W-8BEN form before payment of the award can be made," Mickos said, referring to the US Internal Revenue Service forms.

According to a source, Uber made the payment to confirm the hacker's identity and have him sign a nondisclosure agreement to discourage further wrongdoing. Uber also conducted a forensic analysis of the hacker's machine to make sure the data had been purged, said the source.

 



newsfeeds24.com © 2018