Uber paid 20-year-old man to hide hack, destroy data

Uber revealed last month that it paid a hacker $US100,000 ($131,857) to keep quiet about the fact that he stole personal data on 57 million users.

The hacker's name was "unavailable" from the "three sources close to the events" who disclosed the other information, reports the Express. Uber did mention that Social Security numbers and credit card information weren't stolen.

Two sources told Reuters that Uber used HackerOne to confirm the 20-year-old's identity, and that he was asked to sign a non-disclosure agreement. Uber's $100,000 silent payout is an all-time record for HackerOne, the firm that hosts Uber's bug bounty program, according to a former exec who spoke to Reuters. Uber is also believed to have conducted a forensic analysis of the hacker's computer to make sure that all data on the company had been wiped. The hacker further paid a second person who offered his services in accessing GitHub to obtain credentials for accessing Uber's data.

The hacker was described as a 20-year-old man in the report.

Regulators were not informed of the incident at the time of the breach.

The payment was made through a bug hunter scheme called HackerOne, created to reward security researchers who identify weaknesses and issues in a company's software. New CEO Dara Khosrowshahi said in November that Uber was wrong in covering it up, and said "We are changing the way we do business".

Kate Moussouris, a former HackerOne executive, Luta Security founder and bug bounty advocate, said if the payment had been a legitimate bug bounty, it would have been ideal for everyone involved to shout it from the rooftops.
