20-year-old Florida man was behind Uber hack

A 20-year-old Florida man was responsible for last year's data breach at Uber Technologies and was paid by the company to destroy the data through a bug bounty program, a mechanism normally used to identify vulnerabilities, according to three sources familiar with the situation.

A new report from Reuters says that a Florida man, 20, was behind the massive hack. A second person was paid by the Florida-based hacker for services that included accessing GitHub, a site used by programmers to store code, in order to gain credentials to access Uber data, the report added. According to Reuters, the payment to the hacker was made via Uber's bug bounty program hosted by HackerOne.

It remains unclear who made the final decision to authorise the payment to the hacker and to keep the breach secret, although the Reuters sources said then-CEO Travis Kalanick was aware of the breach and the bug bounty payment in November of last year. Kalanick has since stepped down and was replaced by Dara Khosrowshahi in August.

It is important to note that HackerOne only hosts Uber's bug bounty program but does not manage it.




Uber could be in more hot water after it was reported that the taxi service had allegedly used its bug bounty program to pay a hacker to destroy the data he had stolen.

The payment was made through a bug hunter scheme called HackerOne, created to reward security researchers who identify weaknesses and issues in a company's software.

Uber spokesman Matt Kallman declined to comment, the report said. They also analysed his machine to confirm that the data had been purged. The rideshare company did not disclose any more information. Hackers and security researchers are typically paid thousands of dollars for bugs they find, depending on their severity.

Uber's $100,000 payout and silence on the matter at the time were extraordinary under such a program, according to Luta Security founder Katie Moussouris, a former HackerOne executive. The bounty program is meant to reward security researchers who bring bugs to the company's attention so that a fix can be put into place. Another of the three, senior security engineer Prithvi Rai, later agreed to stay in a new role.