It turns out that a 20-year-old Florida man, amongst the assist of another, breached Uber's arrangement final twelvemonth together with was paid a huge sum past times the companionship to destroy the information together with transcend on the incident secret.
Just final week, Uber announced that a massive information breach inward Oct 2016 exposed personal information of 57 1000000 customers together with drivers together with that it paid 2 hackers $100,000 inward ransom to destroy the information.
However, the ride-hailing companionship did non let on identities or whatever information most the hackers or how it paid them.
Now, 2 unknown sources familiar amongst the incident conduct hold told Reuters that Uber paid a Florida human being through HackerOne platform, a service that helps companies to host their põrnikas bounty together with vulnerability disclosure program.
So far, the identity of the Florida human being was unable to live on obtained or some other mortal who helped him send out the hack.
Notably, HackerOne, who does non deal or plays whatever component subdivision inward deciding the rewards on behalf of companies, receives identifying information of the recipient (hackers together with researchers) via an IRS W-9 or W-8BEN shape earlier payment of the accolade tin lav live on made.
In other words, some employees at Uber together with HackerOne definitely knows the existent identity of the hacker, merely conduct non to pursue the case, every bit the private did non seem to pose whatever futurity threat to the company.
Moreover, the sources every bit good said that Uber conducted a forensic analysis of the hacker's calculator to brand certain that all the stolen information had been wiped, together with had the hacker every bit good sign a nondisclosure understanding to foreclose farther wrongdoings.
Reportedly, the Florida human being every bit good paid some unknown part of the received bounty to the minute person, who was responsible for helping him obtain credentials from GitHub for access to Uber information stored elsewhere.
Originally occurred inward Oct 2016, the breach exposed the names together with driver license numbers of some 600,000 drivers inward the United States, together with the names, emails, together with mobile telephone numbers of roughly 57 1000000 Uber users worldwide, which included drivers every bit well.
However, other personal details, similar trip place history, dates of birth, credit carte numbers, banking concern concern human relationship numbers, together with Social Security numbers, were non accessed inward the attack.
Former Uber CEO Travis Kalanick learned of the cyber fix on inward Nov 2016 together with chose non to involve authorities, believing the companionship tin lav easily together with to a greater extent than effectively negotiate straight amongst the hackers to confine whatever terms to its customers.
However, this hush-hush dealing amongst the hackers eventually toll Uber safety executives their jobs for treatment the incident.
Now Uber CEO Dara Khosrowshahi has reportedly fired Uber Chief Security Officer Joe Sullivan, together with 1 of his deputies, Craig Clark, who worked to transcend on the information breach quiet.
"None of this should conduct hold happened, together with I volition non brand excuses for it. While I cannot erase the past, I tin lav commit on behalf of every Uber employee that nosotros volition acquire from our mistakes," Khosrowshahi said.
"We are changing the agency nosotros create business, putting integrity at the pith of every determination nosotros brand together with working difficult to earn the trust of our customers."Last week, iii to a greater extent than top Uber safety managers resigned, including Sullivan's primary of staff Pooja Ashok, senior safety engineer Prithvi Rai, together with physical safety primary Jeff Jones.
Share This :
comment 0 Comments
more_vert