Uber paid hacker $100,000 to delete breached data, via a ‘bug bounty’ program
San Francisco/Washington — A 20-year-old Florida man was responsible for the large data breach at Uber Technologies last year and was paid by Uber to destroy the data through a so-called "bug bounty" program, normally used to identify small code vulnerabilities, three people familiar with the events have told Reuters. Uber announced on November 21 that the personal data of 57-million users, including 600,000 drivers in the US, were stolen in a breach that occurred in October 2016, and that it paid the hacker $100,000 to destroy the information. But the company did not reveal any information about the hacker or how it paid him the money. Uber made the payment last year through an initiative designed to reward security researchers who report flaws in a company’s software, these people said. Uber’s bug bounty service — as such a program is known in the industry — is hosted by a company called HackerOne, which offers its platform to a number of tech companies. Reuters was unable to esta...
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.
Subscribe now to unlock this article.
Support BusinessLIVE’s award-winning journalism for R129 per month (digital access only).
There’s never been a more important time to support independent journalism in SA. Our subscription packages now offer an ad-free experience for readers.
Cancel anytime.
Questions? Email helpdesk@businesslive.co.za or call 0860 52 52 00. Got a subscription voucher? Redeem it now.