I talked about the Uber incident a few weeks ago. The company suffered a data breach that could only be replicated by EQUIFAX themselves. However, it seems like there is a lot that hasn’t been talked about in regards to this situation. An exclusive interview with Reuters shows that a 20-year-old was responsible for this.
A 20-year-old Florida man was responsible for the large data breach at Uber Technologies. He was the fellow that got paid by Uber to destroy the data that I briefly mentioned in the previous article. The payment was of a total of $100,000 USD and the condition was discretion about the issue.
Uber made the payment last year through a program designed to reward security researchers who report flaws in a company’s software. This service is provided by the good folks at HackerOne, a white-hat organization that is currently helping Google by offering rewards to people who hack popular apps.
Newly appointed Uber Chief Executive Dara Khosrowshahi fired two of Uber’s top security officials when he announced the breach last month, saying the incident should have been disclosed to regulators at the time it was discovered, about a year before.
It has been rumored that the person behind the NDA was the former CEO of the company, Travis Kalanick. The reason for this is because the CEO was aware of the breach and bug bounty payment in November of last year.
The people at HackerOne were actually surprised about the payment delivered to the 20-year-old. They mentioned that a payment of $100,000 through a bug bounty program would be extremely unusual, with one former HackerOne executive saying it would represent an “all-time record.”
Let’s make this clear though, HackerOne is not directly responsible for Uber’s bug bounty program. In fact, even though these measures might seem unorthodox to them, they can’t do much about it. Because they are mediators and not so much actual managers of the program. You can read the full interview here.