20-year-old Florida man was behind Uber hack

Share

This information was made public after a report from Bloomberg claimed that Uber made a $100,000 payoff to destroy the hacked data. In November, Uber revealed it suffered from a cyberattack in October 2016 that exposed the private data of 57 million drivers and customers, which it then covered up. But the company did not reveal any details about the hacker or how it paid him the money.

Uber may also have broken a promise made in a Federal Trade Commission settlement not to mislead users about data privacy and security.

In order to cover the attack up, Uber used its bug bounty service hosted by HackerOne. Sources familiar with the hack have told Reuters that the payment was made through a program created to reward bug hunters who report flaws.

Uber spokesman Matt Kallman declined to comment to Reuters.

Game of Thrones season 8 might arrive later than expected
Sansa Stark may want to watch her back, because she just dropped a big possible reveal about Game of Thrones' last season. We're all kind of feeling the end of it coming", she said. "We're all trying not to take it for granted any more".

Dara Khosrowshahi, Uber's new CEO, fired two of of the company's security leaders when he found out about the breach, and acknowledged that it should have been reported when it was discovered.

After the hack occurred, instead of publicly announcing it, the company paid $100,000 to the hackers to delete the information.

The payment was made through a bug hunter scheme called HackerOne, created to reward security researchers who identify weaknesses and issues in a company's software. It is important to note that while HackerOne hosts Uber's bug bounty program, it does not manage it, nor does it have a hand in setting Uber's prices for bounty payments. 'In all cases when a bug bounty award is processed through HackerOne, we receive identifying information of the recipient in the form of an IRS W-9 or W-8BEN form before payment of the award can be made, ' he said, referring to U.S. Internal Revenue Service forms.

KitGuru Says: The Uber hack was clearly handled poorly, particularly since paying off data thieves encourages others to attempt the same thing. Uber also conducted a forensic analysis of the hacker's machine to make sure the data had been purged, the sources said. 'Our recommendation is to never store access tokens, passwords, or other authentication or encryption keys in the code, ' that company said in a statement.

Cinemark Joins Others in Movie Membership Offering
Cinemarks' new plan comes as another movie theater subscription service, called Movie Pass, continues to climb in popularity. The club also allows members to bring their friends to movies for reduced rates and receive discounts at concession shops.

Three sources with the matter have told Reuters that the person responsible was identified as a Florida man, but identification of the man is still unknown. Hackers and security researchers are typically paid thousands of dollars for bugs they find, depending on their severity. But complicated scenarios can emerge when dealing with hackers who obtain information illegally or seek a ransom. A former executive at the firm, Katie Moussouris, said that such a high payment would have been an "all-time record".

The revelation has gotten the startup in hot water with regulators and prosecutors.

Another three members of Uber's security subsequently resigned from their roles last week.

Snow warning for Donegal comes into force later
A status yellow wind warning for Donegal, Galway, Leitrim, Mayo, Sligo, Clare and Kerry will remain in place until 8pm tonight . Northwest winds of 55 to 65 are expected to gust 100 to 110 km/h - strongest winds in coastal areas and over high ground.

Share