
UBER PAID A 20-YEAR-OLD TO KEEP DATA BREACH A SECRET


Date: 2017-12-07

A 20-year-old Florida man was responsible for the large data breach at Uber Technologies last year and was paid by the company to destroy the data through a so-called "bug bounty" programme normally used to identify small code vulnerabilities, three people familiar with the events have told Reuters. 

On November 21 Uber announced that the personal data of 57 million passengers and 600,000 drivers were stolen in a breach that occurred in October 2016, and that the company paid the hacker $100,000 to destroy the information. But Uber did not reveal any information about the hacker or how the company paid him that amount of money.

Uber made the payment through a programme designed to reward security researchers who report flaws in the company's software. Uber's bug bounty service – as such a programme is known in the industry – is hosted by a company called HackerOne, which offers its platform to a number of tech companies. 

Reuters was unable to establish the identity of the hacker or another person who sources said helped him. Uber spokesman Matt Kallman declined to comment on the matter.

Dara Khosrowshahi, the newly appointed Uber Chief Executive, fired two of Uber's top security officials when he announced the breach last month, stating the incident should have been disclosed to regulators at the time it was discovered, about a year before.

Sources said then-CEO Travis Kalanick was aware of the breach and bug bounty payment in November last year. Kalanick, who stepped down as Uber's CEO in June, declined to comment on the matter, according to his spokesman.

HackerOne hosts Uber's bug bounty programme but does not manage it, and plays no role in deciding whether payouts are appropriate or how large they should be.

HackerOne's CEO, Marten Mickos, said he could not discuss an individual customer's programs. "In all cases when a bug bounty award is processed through HackerOne, we receive identifying information of the recipient in the form of an IRS W-9 or W-8BEN form before payment of the award can be made," Mickos said, referring to the US Internal Revenue Service forms.

According to a source, Uber made the payment to confirm the hacker's identity and have him sign a nondisclosure agreement to discourage further wrongdoing. Uber also conducted a forensic analysis of the hacker's machine to make sure the data had been purged, said the source.

 



newsfeeds24.com © 2018