New details of Uber hack and bug bounty cover-up come to light

New details of Uber hack and bug bounty cover-up come to light

Uber revealed last month that hackers stole data on more than 57 million riders and drivers in October 2016.

The second person was paid by the Florida-based hacker to, among other services, access Github, a site used by programmers to store code, in order to gain credentials to access Uber data, it added.

But it would appear that Uber used its bug bounty as a means to pay-off the hacker, who a source described as "living with his mom in a small home trying to help pay the bills" and noted Uber didn't want to pursue any legal action due to perceiving the man as no longer posing a threat to it.

New Uber CEO Dara Khosrowshahi fired a pair of top Uber security officials when the company announced the incident, saying regulators should have been told when the breach was discovered, approximately one year prior.

The ride-hailing app paid the man, whose identity is still unknown, and an anonymous accomplice to delete the data through a "bug bounty" programme, according to Reuters. A former executive at the firm, Katie Moussouris, said that such a high payment would have been an "all-time record".

Security professionals said rewarding a hacker who had stolen data also would be well outside the normal rules of a bounty program, where payments are typically in the $5,000 to $10,000 range.

Messi wants Higuain for Argentina
Messi, however, believes they should have celebrated at least two victories. "I understand Masche. The best thing is to play and enjoy yourself, and he doesn't think he'll get minutes here".

Amazon Prime Video now available on Apple TV
Amazon stopped selling Apple TV and Google Chromecast devices in 2015, a year after it launched Fire TV. They also both offer corporate cloud-computing services, a market where Amazon leads by a wide margin.

Home Depot (HD) to Repurchase $15.00 billion in Shares
More interesting news about The Home Depot, Inc . (NYSE:HD) earned "Buy" rating by Argus Research on Wednesday, November 18. The Bainco International Investors holds 70,043 shares with $10.75 million value, down from 72,163 last quarter. (NYSE:HD).

The payment was made by Uber past year via a program that is created to reward different researchers who report company software flaws, said the sources. Reuters reported that even then-CEO Travis Kalanick, who left the company in June 2017 amid accusations of fostering a hostile and sexist work culture, was aware of the breach and was part of the effort to keep it a secret.

HackerOne CEO Marten Mickos said he could not discuss an individual customer's programs. They also analysed his machine to confirm that the data had been purged.

'The creation of a bug bounty program doesn't allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don't apply to them, ' Moussouris said.

Sullivan and Clark did not respond to requests for comment.

Another three members of Uber's security subsequently resigned from their roles last week.

Related Articles