Skip to main content

Inside Uber’s $100,000 Payment to a Hacker, and the Fallout

posted onJanuary 15, 2018
by l33tdawg

“Hello Joe,” read the November 2016 email from someone identifying himself as “John Doughs.” “I have found a major vulnerability in Uber.”

The email appeared to be no different from other messages that Joe Sullivan, Uber’s chief security officer, and his team routinely received through the company’s “bug bounty” program, which pays hackers for reporting holes in the ride-hailing service’s systems, according to current and former Uber security employees.

Yet the note and Uber’s eventual $100,000 payment to the hacker, which was initially celebrated internally as a rare win in corporate security, have since turned into a public relations debacle for the company. In November, when Uber disclosed the 2016 incident and how the information of 57 million driver and rider accounts had been at risk, the company’s chief executive since August, Dara Khosrowshahi, called it a “failure” that it had not notified people earlier. Mr. Sullivan and a security lawyer, Craig Clark, were fired.

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th