Only last month, Uber publicly acknowledged the massive hacking of its systems in 2016 with the theft of data from more than 57 million users. The company was surprisingly stingy for details, but reporters Reuters managed to find out some details of the incident.
According to sources, last year Uber received an e-mail from an unknown sender demanding money in exchange for stolen data. The company agreed to pay $ 100,000 on terms of disclosure of the identity and signing of a non-disclosure agreement. The hacker was a 20-year-old guy from Florida who lived with his mother in a small house and wanted to help her with paying bills. For a successful attack, the young man himself paid an unknown person to get access to the correct code on GitHub.
To verify the destruction of information, Uber conducted a detailed analysis of the computer hacker. Interestingly, the company paid for the purchase through the bug bounty program, in which information security specialists are rewarded for finding holes in the security system of the service. Usually, the amount of incentives does not exceed $ 5-10 thousand, and a transaction of $ 100 thousand sets a new historical record for the HackerOne platform that processes these payments.
According to the publication, already the former head of Uber Travis Kalanik knew about this story and an unusual way of payment. In any case, the management should not hide the fact of hacking. According to the current CEO, Dara Khosrovshahi, the company has already sacked the security chief Joe Sullivan and his deputy Craig Clark. Last week three more top managers left the department.
Read in Russian: Uber взломал 20-летний хакер. За молчание ему заплатили $100 000