FLORIDA: Uber reportedly paid a hacker from Florida $100,000 under the guise of a bug bounty program to keep quiet about a data breach which exposed information belonging to 57 million users.
According to three unnamed sources, a 20-year-old was responsible for the catastrophic data breach, rather than a sophisticated group or state-sponsored team.
The data breach came to light in November, in which the names, email addresses, and phone numbers of 57 million Uber users worldwide were stolen, including 600,000 drivers’ license copies.
The breach, dating back to 2016, was apparently caused after hackers compromised a private GitHub repository and harvested engineering credentials later used to access an Amazon Web Services (AWS) account and the information stored within.
Last month, Uber CEO Dara Khosrowshahi confirmed the breach, saying that “we have to be honest and transparent as we work to repair our past mistakes.”
The hackers in question were paid $100,000 to delete the information and keep quiet under the guise of the legitimate bug bounty program offered by Uber on the HackerOne bug bounty platform.