However, we all know very well that technological start-ups spend millions of dollars to find bugs in their apps, but sometimes that is not enough. Uber, the private driver and cab service company that has become an alternative to the taxi has a staff of 200 security experts dedicated solely to look for bugs and exploits that endanger the private and billing information of its customers. These 200 experts were not able to find a security bug that did locate an Indian hacker, as earlier we have reported. This bug allowed free travel with Uber cab anywhere in the world, without limitations. Luckily Anand Prakash is an honest hacker, a security expert who makes a living by finding bugs in third-party applications and collects rewards or you can say bug bounty as well for it. He immediately warned Uber and charged them $10,000. Now, it turns out that a 20-year-old boy from Florida, with the help of another, violated Uber’s system last year and the company paid him a large sum of money to destroy the data and keep the incident a secret. Last week, Uber a global transportation technology company headquartered in San Francisco, California, United States announced that a massive data breach in October 2016 exposed personal data of 57 million customers and drivers and to hide the incident the global transportation technology company, of course, Uber paid two hackers $100,000 in ransom to destroy all the information. However, the global transportation technology company, Uber on board did not reveal identities or any information about the hackers or how the payment was made.
What really happened?
Now, two unknown sources familiar with the incident have told Reuters that the global transportation technology company Uber paid Florida’s hacker through the HackerOne platform, a service that helps companies solve vulnerabilities in their systems and awards rewards to hackers. The name of this hacker and his assistant have not transcended. The global transportation technology company Uber and HackerOne know the true identity of the hacker but decided not to continue with any demand, since the individual did not seem to represent any future threat to the company. The source also claims that the computer of the hacker in question was subjected to a forensic analysis to ensure that all the data had been deleted and that a non-disclosure contract was signed to prevent future illicit acts. The hacker was in possession of 57 million user mobile phone numbers and exposed the data of 600,000 drivers, including their driver’s license numbers as well. So, what do you think about this incident? Simply share all your views and thoughts in the comment section below.