Every day brings more information about the amazing hack of 57 million accounts at Uber during October 2016. The latest information shows that the hacker was a 20-year-old from Florida. It also gives us a clearer picture of how the mess was handled. It seems that Uber uses HackerOne, a security breach software analysis program that companies use to check their data security and how their open systems are, and can be, protected.
Uber has what is termed a "bug bounty program," in which hackers are paid to test the security of Uber's servers and data. Uber paid the hacker from Florida through this program in order to keep the incident from being noticed.
Just to clarify some terminology for readers not familiar with it: hackers are professional software experts in detecting security issues. They can be good ("white hat"), employed to check and test system security, or they can be bad ("black hat"), also called malicious "crackers."
Uber's CEO at the time of the attack was Travis Kalanick. He was aware of the attack and of the payment of $100,000 to the hacker, and also fired two employees who were involved in the vulnerability of Uber's system.
Just to rehash what has been reported: Uber stated that a year ago it had suffered a hacker attack that took the account information of 57 million passengers and drivers, with the hacker deleting the data only after Uber paid him $100,000. The breach itself was important to disclose as and when it happened; the fact that Uber kept it secret for over one year is of major concern. What is even more problematic is that it came only a few months after a previous attack and that Uber had promised to tighten up its security. So questions arise as to the true nature of your account security in Uber's systems.
During October 2016, the hacker managed to access Uber's servers and download 57 million passenger details and 600K driver account details, including their driving license numbers. The 20-year-old cracker then demanded $100,000 for the destruction of the data, which Uber paid. Uber also withheld the attack information from the public, which is in direct violation of the regulations of 48 states as well as federal laws.