The media outlet said it obtained the information from “three people familiar with the event.”
Personal Info Breached
Bloomberg earlier reported about the breach in Uber’s system that happened in October last year and that the ride-hailing company kept it from the public.
The hacker accessed personal information consisting of names, email addresses and phone numbers of 50 million riders worldwide and seven million drivers.
Uber paid the hacker $100,000 to delete the personal information and keep silent about the matter.
Following Uber’s revelation about the hack, governments worldwide conducted investigations into Uber’s response to the breach.
Bug Bounty Program
Reuters’ sources revealed that the $100,000 was paid via a “bug bounty” program that was designed to reward people who pinpoint and report security flaws in a company’s software.
The publication said Uber’s “bug bounty” service is hosted by a firm called HackerOne, which also serves other tech firms
Reuters, however, was unable to get the name of the hacker and his accomplice.
Matt Kallman, a spokesperson for Uber, refused to comment on the Reuters report.
Reuters said it was unclear who authorized the payment to the hacker but then-Uber chief executive CEO Travis Kalanick knew about the breach and bug bounty payment made in November 2016.
Kalanick resigned as Uber CEO in June and according to his spokesman, the former Uber boss did not want to say anything about the Reuters report.
One of Reuters’ sources said the hacker lived in a small home with his mother and was “trying to help pay the bills.
The source also said Uber’s security team did not want to pursue prosecution of the hacker because he did not pose any further threat.
Now that the Uber hacker has been revealed, should he be prosecuted?
Share your thoughts about this most recent development on the Uber cyberattack by commenting below.