Last year, Uber received an email by an anonymous person demanding money in exchange for the stolen user database.
the idea turns out of which a 20-year-old Florida man, with the help of another, breached Uber’s system last year as well as also was paid a huge amount by the company to destroy the data as well as also keep the incident secret.
Just last week, Uber announced of which a massive data breach in October 2016 exposed personal data of 57 million customers as well as also drivers as well as also of which the idea paid two hackers $100,000 in ransom to destroy the information.
However, the ride-hailing company did not disclose identities or any information about the hackers or how the idea paid them.
right now, two unknown sources familiar with the incident have told Reuters of which Uber paid a Florida man through HackerOne platform, a service of which helps companies to host their bug bounty as well as also vulnerability disclosure program.
So far, the identity of the Florida man was unable to be obtained or another person who helped him carry out the hack.
Notably, HackerOne, who does not manage or plays any role in deciding the rewards on behalf of companies, receives identifying information of the recipient (hackers as well as also researchers) via an IRS W-9 or W-8BEN form before payment of the award can be made.
In different words, some employees at Uber as well as also HackerOne definitely knows the real identity of the hacker, although choose not to pursue the case, as the individual did not appear to pose any future threat to the company.
Moreover, the sources also said of which Uber conducted a forensic analysis of the hacker’s computer to make sure of which all the stolen data had been wiped, as well as also had the hacker also sign a nondisclosure agreement to prevent further wrongdoings.
Reportedly, the Florida man also paid some unknown portion of the received bounty to the second person, who was responsible for helping him obtain credentials by GitHub for access to Uber data stored elsewhere.
Originally occurred in October 2016, the breach exposed the names as well as also driver license numbers of some 600,000 drivers inside United States, as well as also the names, emails, as well as also mobile phone numbers of around 57 million Uber users worldwide, which included drivers as well.
However, different personal details, like trip location history, dates of birth, credit card numbers, bank account numbers, as well as also Social Security numbers, were not accessed inside attack.
Former Uber CEO Travis Kalanick learned of the cyber attack in November 2016 as well as also chose not to involve authorities, believing the company can easily as well as also more effectively negotiate directly with the hackers to limit any harm to its customers.
However, This kind of secret dealing with the hackers eventually cost Uber security executives their jobs for handling the incident.
right now Uber CEO Dara Khosrowshahi has reportedly fired Uber Chief Security Officer Joe Sullivan, as well as also one of his deputies, Craig Clark, who worked to keep the data breach quiet.
“None of This kind of should have happened, as well as also I will not make excuses for the idea. While I cannot erase the past, I can commit on behalf of every Uber employee of which we will learn by our mistakes,” Khosrowshahi said.
“We are changing the way we do business, putting integrity at the core of every decision we make as well as also working hard to earn the trust of our customers.”
Last week, three more top Uber security managers resigned, including Sullivan’s chief of staff Pooja Ashok, senior security engineer Prithvi Rai, as well as also physical security chief Jeff Jones.