The hacker that Uber compensated to destroy information and maintain a hack that uncovered the non-public information of 57 million drivers and passengers is a 20-year-old Florida man that the experience share firm paid $100,000 to by way of its bug bounty program.
Citing three nameless sources, Reuters reported that Uber funneled fee by way of this system – meant to encourage safety researchers to seek out and disclose vulnerabilities – which is hosted by HackerOne.
Uber, which was already in scorching water with regulators for a 2014 breach, “was underneath a authorized obligation to inform regulators and to the impacted customers and drivers,” Corey Williams, senior director of merchandise and advertising and marketing at Centrify, mentioned when information of the newest breach broke in November. “As a substitute they took excessive measures to cover the hack, paying $100okay to the hackers to stay quiet and actively took steps to maintain the reality underneath wraps.”
Former CEO Travis Kalanick, who stepped down after the hack was revealed, reportedly knew of the incident and payout. Reuters’ sources mentioned the corporate paid up so it may establish the hacker and commit him to a nondisclosure settlement to forestall future transgressions.
A single fee of $100,000 would have attracted consideration, the report mentioned, noting HackerOne spokesperson mentioned “in all instances when a bug bounty award is processed by way of HackerOne, we obtain figuring out data of the recipient within the type of an IRS W-9 or W-8BEN type earlier than fee of the award might be made.”
The report additionally cited former HackerOne Chief Coverage Officer (CPO) Katie Moussouris, founding father of Luta Safety, as saying “if it had been a legit bug bounty, it will have been superb for everybody concerned to shout it from the rooftops,” and noting, “The creation of a bug bounty program does not permit Uber, their bounty service supplier, or some other firm the flexibility to determine that breach notification legal guidelines do not apply to them.”
window.fbAsyncInit = function() ;
(function () )();