According to court documents, 2 men pleaded guilty in a US federal court to charges of hacking as well as extorting companies that comprised Uber and LinkedIn. This brought an end to a long legal dispute that involved data breaches.
Using the Amazon Web Services logins owned by Uber, the hackers got entry into sensitive clients’ information. According to the Nextweb, the two hackers then threatened to delete sensitive data belonging to the two if their demand for money was not met. They also stipulated that they wanted to be paid using Bitcoin.
During that time, Uber reached an agreement with the hackers send them $100k worth of Bitcoin. The transaction went through and Uber demanded that the hackers sign a non-disclosure agreement (NDA) barring them from ever utilizing the information or disclosing the matter to the public.
The two hackers Vasile Mereacre and Brandon Glover were indicted late last year for theft of private information belonging to more than 55,000 accounts from LinkedIn’s owned site Lynda.com. In this case, LinkedIn did not pay hackers like Uber.
It is during the court proceedings that it was discovered that the two men were also responsible for the Uber data breach that occurred in 2016 affecting about 57 million users.
Uber had closely guarded the data breach for more than a year until late last year after a new management was installed and discovered the cover-up. It is then that the public became aware of the breach as Uber was trying to protect its reputation.
Due to the cover-up, Uber has since been fined $148 million and will have to undergo privacy audits for the next 20 years. The company was also forced to dismiss its head of security who organized the payments. The security head did not inform the clients that their accounts were not secure.
The Nextweb reports that the two hackers will be sentenced in 2020 and are likely to serve a 5-year jail term and fines of about $250k.