Uber Pays $100k to Cover Hack

on 12:23 PM

According to a report by Reuters, Uber reportedly paid a Florida hacker $100,000 under the guise of a bug bounty program to keep quiet about a data breach which exposed information belonging to 57 million users.  The report says a 20-year-old was responsible for the catastrophic data breach, rather than a sophisticated group or state-sponsored team.

The data breach came to light in November.  Names, email addresses, and phone numbers of 57 million Uber users worldwide were stolen, including copies of 600,000 drivers' licenses. The breach began in 2016, apparently caused after hackers compromised a private GitHub repository and harvested engineering credentials later used to access an Amazon Web Services (AWS) account and the information stored within.

Under the terms of the $100k deal, the unnamed hacker signed a nondisclosure agreement, agreed not to compromise Uber again, and the company also conducted a forensic examination of his computer to make sure the data had been purged. The 20-year old hacker was reportedly "living with his mom in a small home trying to help pay the bills." Regulators were not informed of the incident at the time of the breach.

Read the article in entirety.