Published: Thu, December 07, 2017
Health | By Jay Jacobs

Florida man, 20, reportedly behind massive hack at Uber

Uber paid a Florida man to keep silent about the data breach the previous year.

A 20-year-old Florida man was responsible for a massive data breach at Uber last year, although his identity couldn't be established, Reuters reported Wednesday.

Uber made the payment a year ago through a program created to reward security researchers who report flaws in a company's software, these people said.

But the company did not reveal any information about the hacker or how it paid him the money.

Last month, Uber CEO Dara Khosrowshahi confirmed the breach, saying that "we have to be honest and transparent as we work to fix our past mistakes".

The name of the hacker was "unavailable" from "three sources close to the events" that disclosed the other information, reports the Express.

But it would appear that Uber used its bug bounty as a means to pay off the hacker, whom a source described as "living with his mom in a small home trying to help pay the bills". The source noted that Uber didn't want to pursue any legal action because it perceived the man as no longer posing a threat to it. Uber's "bug bounty" service, a program known in the industry, is hosted by HackerOne, a company that offers its platform to several tech companies, the report said.

Kate Moussouris, a former HackerOne executive, Luta Security founder and bug bounty advocate, said if the payment had been a legitimate bug bounty, it would have been ideal for everyone involved to shout it from the rooftops.

If the payment was actually made via HackerOne's bug bounty program, it was an unusual incident, as it involved a hacker who stole data.

Uber declined to comment, while HackerOne representatives didn't immediately respond to a request for comment. HackerOne's CEO said that he couldn't discuss an individual customer's programs.

However, according to Reuters, it was one lone wolf - and a young United States citizen at that - who was responsible.

'None of this should have happened, and I will not make excuses for it,' Khosrowshahi said in a blog post announcing the hack last month.

Mr Khosrowshahi fired two of the company's security officials, chief security officer Joe Sullivan and attorney Craig Clark, for their failure to disclose the breach to law enforcement at the time, instead choosing to cover it up.
