Report: Uber Paid $100K to Hacker Who Lives With MomDecember 7, 2017 2:47pm

Uber last month revealed a major 2016 hack that exposed information for 57 million customers and drivers, as well as the fact that it paid out $100,000 to the attackers to scrub the information and keep the breach secret.

Now, sources tell Reuters it was actually one hacker who took home the $100,000, and he was a Florida man barely out of his teens.

The "extremely unusual" payment to the unnamed 20-year-old hacker said to be "living with his mom" was made through what's known as Uber's "bug bounty" service—a program often used by big tech companies, per Engadget—hosted by a firm called HackerOne, which compensates hackers for finding issues in software.

The three sources who spoke to Reuters say they're not sure who gave the OK to pay off the hacker and cover up the breach, though they note then-CEO Travis Kalanick was aware of both moves.

Katie Moussouris, an ex-Hacker One exec, says such a payout would be an "all-time record," as such bug-bounty payments usually fall between $5,000 and $10,000. Also making this case unusual: Uber paid someone who had stolen information and didn't immediately report the breach to regulators.

"The creation of a bug bounty program doesn't allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don't apply to them," Moussouris notes.

The sources say Uber had the hacker sign an NDA and examined his machine to make sure all stolen data had been wiped. One source adds Uber doesn't want to see him prosecuted because it doesn't think he poses any further threat, noting he was simply "living with his mom in a small home trying to help pay the bills." One source says a second person, also unnamed, helped the hacker.

More From Newser

This article originally appeared on Newser: Report: Uber Paid $100K to Hacker Who Lives With Mom

Page 1 of 1

More Stories Like This

Self-Driving Uber Kills Woman Crossing an Arizona Street
Facebook exploring forensic audits to investigate Cambridge Analytica claimsFollowing outrage over a data breach that may exposed approximately 50 million Facebook accounts and resulted in a $40 billion decline in its market cap, the social network has hired a digital forensics firm "to conduct a comprehensive audit of Cambridge Analytica."
Uber's self-driving car accident latest hit to ride-share's reputationSunday night's fatal crash in Arizona involving an autonomous Uber SUV is the latest setback for the company in its bid to go public in 2019 and recover from earlier scandals.
Uber's Self-Driving Car Was Going 40mph, Didn't Slow
The key to cheaper US rocket launches may sit in Brazil’s jungle

Related Searches

Related Searches