Published: Fri, December 08, 2017
Global Media | By Abel Hampton

20-year-old Florida man was behind Uber hack

The bounty program is meant to reward security researchers who bring bugs to the company's attention so that a fix can be put into place.

The ride-sharing company announced last month that a hacker had stolen the personal data of 57 million passengers and 600,000 drivers in October 2016.

This information was made public after a report from Bloomberg claimed that Uber made a $100,000 payoff to destroy the hacked data.

To cover up the attack, Uber used its bug bounty service hosted by HackerOne. It is important to note that while HackerOne hosts Uber's bug bounty program, it does not manage it, nor does it have a hand in setting Uber's prices for bounty payments. Indeed, it plays no role in payout decisions. "In all cases when a bug bounty award is processed through HackerOne, we receive identifying information of the recipient in the form of an IRS W-9 or W-8BEN form before payment of the award can be made", he said.

HackerOne subsequently paid the person $100,000 in exchange for erasing the stolen Uber data, the sources told Reuters.

The company did not say how hackers assured the company the stolen data was destroyed. New CEO Dara Khosrowshahi said in November that Uber was wrong in covering it up, and said "We are changing the way we do business".

This all has a distinct whiff of bad practice about it, something which has plagued Uber of late, what with losing its London license and the rather nasty actions of former chief executive Travis Kalanick.

Mr. Khosrowshahi learned of the incident after becoming Uber's chief executive in August, and he's since terminated two employees implicated in its response, Joe Sullivan, Uber's former head of security, and a deputy, attorney Craig Clark.

Furthermore, Reuters reports that "Uber made the payment to confirm the hacker's identity and have him sign a nondisclosure agreement to deter further wrongdoing".

Uber is already under fire for not disclosing the hack earlier to authorities and could be hit with stiff financial penalties.

Uber had not responded to Silicon UK at the time of writing.
