Uber Paid a 20-Year-Old in Florida to Keep Data Breach a Secret

Uber Paid a 20-Year-Old in Florida to Keep Data Breach a Secret

Uber Paid a 20-Year-Old in Florida to Keep Data Breach a Secret

The ride-hailing company Uber revealed last month that hackers stole data on 57 million drivers and riders in October 2016. The breached data included personal information such as names, email addresses and driver’s license numbers, but not Social Security numbers and credit card information, the company said.

Uber also admitted that it paid $100,000 to the data thieves at the time to delete the information. But the company did not reveal any details about the hacker or how it paid him the money.

Sources familiar with the hack told Reuters that the payment was made through a program designed to reward bug hunters who report flaws in a company’s software. Uber’s bug bounty service is hosted by HackerOne, a company that connects security researchers with companies.

While three sources familiar with the hack told Reuters a Florida man was responsible, the news agency said it was unable to identify the man.

HackerOne CEO Marten Mickos said he could not discuss an individual customer’s programs. “In all cases when a bug bounty award is processed through HackerOne, we receive identifying information of the recipient in the form of an IRS W-9 or W-8BEN form before payment of the award can be made,” he said, referring to U.S. Internal Revenue Service forms.

Uber may also have broken a promise made in a Federal Trade Commission settlement to not mislead users about data privacy and security. Uber has declined to comment.

Uber CEO Dara Khosrowshahi fired two of Uber’s top security officials when he announced the breach last month, saying the incident should have been disclosed to regulators at the time it was discovered, about a year before.

It remains unclear who made the final decision to authorize the payment to the hacker and to keep the breach secret, though the sources said then-CEO Travis Kalanick was aware of the breach and bug bounty payment in November of last year. Kalanick, who stepped down as Uber CEO in June, declined to comment on the matter, according to his spokesman.

Megha Shah
Megha Shah
A dreamer, traveler, aspiring entrepreneur and a bookworm beyond repair, Megha Shah is extremely fond of writing and has been doing so since she was a child. Apart from being a part-time writer, Megha is currently in college, pursuing B. Com. (Hons). Megha is an ardent follower of ‘Hardship, Hustle and Heart’ and firmly believes in the power of hard work and destiny!

Leave a Reply

Top
Want to stay up-to-date with news and information from TechFunnel.com?

Subscribe Now