It turns out that a 20-year-old Florida man, amongst the assist of another, breached Uber's organization final twelvemonth together with was paid a huge sum yesteryear the fellowship to destroy the information together with cash inward one's chips on the incident secret.
Just final week, Uber announced that a massive information breach inward Oct 2016 exposed personal information of 57 meg customers together with drivers together with that it paid 2 hackers $100,000 inward ransom to destroy the information.
However, the ride-hailing fellowship did non give away identities or whatever information close the hackers or how it paid them.
Now, 2 unknown sources familiar amongst the incident create got told Reuters that Uber paid a Florida homo through HackerOne platform, a service that helps companies to host their põrnikas bounty together with vulnerability disclosure program.
So far, the identity of the Florida homo was unable to last obtained or some other somebody who helped him send out the hack.
Notably, HackerOne, who does non deal or plays whatever business office inward deciding the rewards on behalf of companies, receives identifying information of the recipient (hackers together with researchers) via an IRS W-9 or W-8BEN shape earlier payment of the honor tin last made.
In other words, some employees at Uber together with HackerOne definitely knows the existent identity of the hacker, but select non to pursue the case, every bit the private did non seem to pose whatever time to come threat to the company.
Moreover, the sources besides said that Uber conducted a forensic analysis of the hacker's calculator to brand certain that all the stolen information had been wiped, together with had the hacker besides sign a nondisclosure understanding to forestall farther wrongdoings.
Reportedly, the Florida homo besides paid some unknown component subdivision of the received bounty to the 2nd person, who was responsible for helping him obtain credentials from GitHub for access to Uber information stored elsewhere.
Originally occurred inward Oct 2016, the breach exposed the names together with driver license numbers of some 600,000 drivers inward the United States, together with the names, emails, together with mobile hollo upwards numbers of but about 57 meg Uber users worldwide, which included drivers every bit well.
However, other personal details, similar trip place history, dates of birth, credit menu numbers, banking enterprise trouble organization human relationship numbers, together with Social Security numbers, were non accessed inward the attack.
Former Uber CEO Travis Kalanick learned of the cyber ready on inward Nov 2016 together with chose non to involve authorities, believing the fellowship tin easily together with to a greater extent than effectively negotiate direct amongst the hackers to boundary whatever impairment to its customers.
However, this undercover dealing amongst the hackers eventually terms Uber safety executives their jobs for treatment the incident.
Now Uber CEO Dara Khosrowshahi has reportedly fired Uber Chief Security Officer Joe Sullivan, together with ane of his deputies, Craig Clark, who worked to cash inward one's chips on the information breach quiet.
"None of this should create got happened, together with I volition non brand excuses for it. While I cannot erase the past, I tin commit on behalf of every Uber employee that nosotros volition acquire from our mistakes," Khosrowshahi said.
"We are changing the means nosotros produce business, putting integrity at the nitty-gritty of every conclusion nosotros brand together with working difficult to earn the trust of our customers."Last week, iii to a greater extent than transcend Uber safety managers resigned, including Sullivan's main of staff Pooja Ashok, senior safety engineer Prithvi Rai, together with physical safety main Jeff Jones.
