New details of Uber hack and bug bounty cover-up come to light

New details of Uber hack and bug bounty cover-up come to light

Uber revealed last month that hackers stole data on more than 57 million riders and drivers in October 2016.

The second person was paid by the Florida-based hacker to, among other services, access Github, a site used by programmers to store code, in order to gain credentials to access Uber data, it added.

But it would appear that Uber used its bug bounty as a means to pay-off the hacker, who a source described as "living with his mom in a small home trying to help pay the bills" and noted Uber didn't want to pursue any legal action due to perceiving the man as no longer posing a threat to it.

New Uber CEO Dara Khosrowshahi fired a pair of top Uber security officials when the company announced the incident, saying regulators should have been told when the breach was discovered, approximately one year prior.

The ride-hailing app paid the man, whose identity is still unknown, and an anonymous accomplice to delete the data through a "bug bounty" programme, according to Reuters. A former executive at the firm, Katie Moussouris, said that such a high payment would have been an "all-time record".

Security professionals said rewarding a hacker who had stolen data also would be well outside the normal rules of a bounty program, where payments are typically in the $5,000 to $10,000 range.

50 new Hoenn Pokémon added to Pokémon Go
Local weather will be taken into account, changing the rates at which some Pokémon appear and powering up certain types. Announced on the company's Pokémon Go blog , the first major change will be the creation of a dynamic weather system .

GVC in Talks to Buy Ladbrokes Coral for Up to $5.2 Billion
Any deal would lead to GVC owning 53.5% of the combined group, with Ladbrokes Coral shareholders owning 46.5%. Discussions in the summer broke down over a price dispute shortly before the government's gambling review.

AG: Raila's swearing-in is high treason, punishable by death
Without directly mentioning the ceremony or the United States, Odinga said on Thursday that Kenyans should be left to solve their own problems.

The payment was made by Uber past year via a program that is created to reward different researchers who report company software flaws, said the sources. Reuters reported that even then-CEO Travis Kalanick, who left the company in June 2017 amid accusations of fostering a hostile and sexist work culture, was aware of the breach and was part of the effort to keep it a secret.

HackerOne CEO Marten Mickos said he could not discuss an individual customer's programs. They also analysed his machine to confirm that the data had been purged.

'The creation of a bug bounty program doesn't allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don't apply to them, ' Moussouris said.

Sullivan and Clark did not respond to requests for comment.

Another three members of Uber's security subsequently resigned from their roles last week.

Related Articles

  • Martin Schulz seeks backing for grand coalition to end Germany crisis

    Martin Schulz seeks backing for grand coalition to end Germany crisis

    Schulz, a former head of the European Parliament, said a pre-condition for entering such talks would be "an about-face in European policy".
    Champions League: Manchester United target flops while fullback wanted by Chelsea thrives

    Champions League: Manchester United target flops while fullback wanted by Chelsea thrives

    Liverpool (if top): Bayern Munich, Juventus , Basel , Real Madrid , Shakhtar Donetsk, Napoli, Porto or RB Leipzig. Find out why Chelsea supporters could be anxious ahead of Monday's Champions League round of 16 draw...
    Sexiest Asian Women 2017

    Sexiest Asian Women 2017

    The youngest one on the list was TV actor Shivangi Joshi, aged 19 while the oldest was Sridevi ranked at 49. The rest of the list include Drashti Dhami , Katrina Kaif, Shraddha Kapoor, Gauhar Khan and Rubina Dilaik.
  • Snow warning for Donegal comes into force later

    Snow warning for Donegal comes into force later

    The Met Office has issued an amber "be prepared" weather warning for northern Scotland on Thursday. North and North West counties will be most at risk, as well as higher ground elsewhere".
    Work begins to collect toys for children in need throughout Western Washington

    Work begins to collect toys for children in need throughout Western Washington

    Despite there not being a Toys for Tots program in Midland, other charities within the city have stepped forward. Fortunately, the task at hand is a lot easier than fighting a war - it is giving back through Toys for Tots.
    Putin says Russian Federation  won't prevent athletes from competing in Pyeongchang - agencies

    Putin says Russian Federation won't prevent athletes from competing in Pyeongchang - agencies

    Russia's "partly to blame" for the situation it's in, though the Olympic ruling was still "politically motivated", he said, according to the Interfax news service.
  • Messi wants Higuain for Argentina

    Messi wants Higuain for Argentina

    Messi, however, believes they should have celebrated at least two victories. "I understand Masche. The best thing is to play and enjoy yourself, and he doesn't think he'll get minutes here".
    Big Boss 11: Contestants Parents makes them Happy and Emotional

    Big Boss 11: Contestants Parents makes them Happy and Emotional

    There have been reports that Divya has been really upset with Priyank's in-house behavior and even called off their relationship. While enemies turned friends Vikas Gupta and Shilpa Shinde will be seen bonding with each other's mothers in the show.
    Jennifer Lawrence 'afraid' of sexy scenes after nude photo hack

    Jennifer Lawrence 'afraid' of sexy scenes after nude photo hack

    The Hunger Games star continues, saying the disappointment of the movie failing has been hard to overcome. 'He was paternal to me. She continued to describe Weinstein as a "tough guy" and a "brute", but she maintained that she was unaware of his true persona.
  • PUBG New Desert Map Gets Another New Weapon

    PUBG New Desert Map Gets Another New Weapon

    Miramar is a desert environment, a departure from the usual fields and forests of the original Erangel map. The new desert map is called Miramar , and it's ready for its first batch of contestants.

    Takes Position in Carnival Corp (CCL)

    Finally, Credit Suisse Group restated a "neutral" rating on shares of Carnival in a report on Thursday, September 28th. A number of other institutional investors and hedge funds have also added to or reduced their stakes in the business.
    Largest Cryptocurrency Mining Market NiceHash Hacked

    Largest Cryptocurrency Mining Market NiceHash Hacked

    The company has confirmed that hackers have managed to steal some Bitcoins , although they have not given any details on how many. Cryptocurrency mining website NiceHash has suffered a security breach that has seen its Bitcoin wallet emptied.