Uber used Bitcoin to pay $100K hacker ransom in 2017, court docs confirm – The Next Web

Uber used Bitcoin to pay hackers who held sensitive data for ransom, court documents have confirmed.

As a result, two men pleaded guilty to charges ofcomputer hacking and extortion, bringing a lengthy legal saga that embroiled Uber and LinkedIn-owned training site Lynda.com in costly data breaches to a close.

To access the companies servers, the hackers gained access to customer information by using Amazon Web Services logins belonging to Uber and Lynda.com employees.

They then contacted both companies to extort them for hundreds of dollars worth of Bitcoin.

At the time, Uber agreed to pay $100,000 in the cryptocurrency. The payment was processed via the tech giants HackerOne bug bounty program, and Uber required the hackers to sign a confidentiality agreement preventing them from using the data and publicly disclosing the security breach.

Vasile Mereacre, from Canada, and Brandon Glover, from Florida, wereindicted last year after stealing information of 55,000 accounts from Lynda.com, which unlike Uber, refused to pay.

It was then revealed that both men were also the perpetrators of a 2016 Uber breach that compromised the data of 57 millions users.

Uber kept the security breach private for over a year, until November 2017, when its new leadership became aware of the cover-up and decided to go public.

As a result, the company received a hefty $148 million fine and had to agree to 20 years of privacy audits.

Uber also fired its chief security officer Joe Sullivan, who orchestrated the payments and failed to alert company users about the security breach.

Published November 1, 2019 15:04 UTC

Continue reading here:

Uber used Bitcoin to pay $100K hacker ransom in 2017, court docs confirm - The Next Web