>> The massive hack that Uber hid for over a year was carried out by a 20 year old Florida man, sources tell Reuters, and he was paid by Uber to destroy the data through a so called bug bounty program normally used to identify small code vulnerabilities. Uber announced in November that the personal data of 57 millions passengers and 600,000 drivers were stolen in a breach that occurred in October 2016, and that it paid the hacker $100,000 to destroy the information.
Reuters Cyber Security Correspondent, Dustin Volz.>> The amount of money paid to this hacker, $100,000 we were told, is an enormous sum compared to what's average. And also that Uber should have known, according to some security researchers, that this really wasn't a traditional bug bounty, that there were more concerns about this hacker and who he was.
People that we talked to, however, that are familiar with the handling of the breach said that it was treated this way because they wanted to protect the data. They felt that communicating with the hacker and paying him $100,000 was the best way to secure it from potential malicious use.
And to help identify ultimately who it would be, to hopefully prevent him from trying to spill it elsewhere or do more hacks of this nature.>> Reuters was unable to establish the identity of the hacker or another person whose sources said helped him, and Uber spokesmen declined comments.
Newly appointed CEO, Dara Khosrowshahi, fired two of Uber's top security officials when he announced the breach last month. Saying the incident should have been disclosed to regulators when it was discovered a year before. It's unclear who made the final call to authorize the payment and to keep the breach secret.
Those sources telling Reuters then CEO, Travis Kalanick, was aware of the breach and payment in November of last year.>> The disclosure of this hack, of course, comes at a time when Uber has new leadership that's trying to assert control over the company and do away with some of the previous behavior that occurred under the founder and previous CEO, Travis Kalanick.
The hack is certainly damaging for Uber, and this sort of crystallizes a reputation that the company has had for a while now, for not appropriately caring about user privacy, not being transparent enough about how their app works and what happens to the data. So this is not good for the new leadership that's come in to try to right the ship so to speak there.