Uber Paid $100K To 20-Year-Old Hacker For Breach

The recent Uber data breach which compromised the personal information of 57 million users was the work of a 20-year-old Florida man, a new report has revealed.

Reuters reports the breach was done by a young man, who was described by a source as “living with his mom in a small home trying to help pay the bills.” The hacker has not been identified.

Related: One in Five Don’t Feel Safe Using Sharing Services, Says Survey

As previously reported, Uber paid $100,000 to ensure that the hack was kept under wraps, and that the stolen data was destroyed. The new report reveals the hacker was paid through Uber’s bug bounty program.

Not Normal

Normally, bug bounty programs are designed to reward hackers who find flaws in a company’s code. The report notes that payments in a typical bounty program often range between $5,000 and $10,000.

This particular case is different for a few obvious reasons. The money involved — $100,000 — is an extremely high amount to be paid from a bug bounty program. It’s also not a normal move to use such a program to pay off a hacker who stole data from the company.

While the original report claimed Uber was hacked by two people, a source said the hacker paid someone else “to obtain credentials for access to Uber data stored elsewhere” through GitHub.

But GitHub — a site used to store code — told Reuters the attack “did not involve a failure of its security systems.”

The Fallout Continues

The hacker was made to sign a nondisclosure agreement “to deter further wrongdoing,” and Uber also analyzed his computer to ensure the data was properly purged. Ultimately, Uber’s security team didn’t see the hacker as a security threat going forward, and the team elected not to prosecute him.

While this report accounts for many of the previously unknown details behind the hack, Uber will be dealing with the fallout for some time. Congress is seeking further answers about the incident, and the company already faces a number of breach-related lawsuits from a number of states and cities.

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Trending News

Follow Us