UBER’S MASSIVE data breach that saw the personal information of 57 million users pilfered, was all down to a pesky 20-year-old Floridian man.
The unnamed hacker was paid $100,000 by Uber to destroy all the data he’d nicked back in October 2016, according to sources talking to Reuters, and was paid by the ride-hailing company through a “bug bounty” program.
This is a bit unusual, as such bug bounty schemes are used to reward white hat hackers for discovering software vulnerabilities, and often the companies hosting them will trumpet the success and number of payouts they’ve made as an example of how strong and stable their code has become.
But it would appear that Uber used its bug bounty as a means to pay-off the hacker, who a source described as “living with his mom in a small home trying to help pay the bills” and noted Uber didn’t want to pursue any legal action due to perceiving the man as no longer posing a threat to it.
Apparently, the hacker had to sign a non-disclosure agreement to keep his trap shut about the whole incident, and Uber sent cybersecurity boffins around to make sure the swiped data was indeed purged from his computer.
This all has a distinct whiff of bad practice about it, something which has plagued Uber of late, what with losing its London license and the rather nasty actions of former chief executive Travis Kalanick.
Even if a company manages to contain and handle a data breach, it has a duty to report it to regulators, which Uber appears to have failed to do, aiming for a cover-up rather than mea culpa.
Uber ended up firing its chief security officer Joe Sullivan and attorney Craig Clark over their roles in the data breach, so it looks like the company isn’t exactly chuffed with how the situation was handled, even though it has yet to comment on the revelations Reuters’ sources have been serving up.
As ever, such data breaches serve as a lesson for companies and developers to make sure their apps and services are properly locked down and secure, and if a data breach does happen to admit it and then work with authorities to fix the situation rather than take more clandestine approaches. µ
Source : Inquirer