Hackers plead guilty in data breach that Uber covered up
Advertisement
Read this article for free:
or
Already have an account? Log in here »
We need your support!
Local journalism needs your support!
As we navigate through unprecedented times, our journalists are working harder than ever to bring you the latest local updates to keep you safe and informed.
Now, more than ever, we need your support.
Starting at $15.99 plus taxes every four weeks you can access your Brandon Sun online and full access to all content as it appears on our website.
Subscribe Nowor call circulation directly at (204) 727-0527.
Your pledge helps to ensure we provide the news that matters most to your community!
To continue reading, please subscribe:
Add Brandon Sun access to your Free Press subscription for only an additional
$1 for the first 4 weeks*
*Your next subscription payment will increase by $1.00 and you will be charged $20.00 plus GST for four weeks. After four weeks, your payment will increase to $24.00 plus GST every four weeks.
Read unlimited articles for free today:
or
Already have an account? Log in here »
Hey there, time traveller!
This article was published 30/10/2019 (2228 days ago), so information in it may no longer be current.
SAN JOSE, Calif. – Two computer hackers have pleaded guilty to concocting an extortion scheme that entangled Uber in a yearlong coverup of a data breach that stole sensitive information about 57 million of the ride-hailing service’s passengers and drivers.
The pleas entered Wednesday in a San Jose, California, federal court by Brandon Charles Glover and Vasile Mereacre resurrected another unseemly episode in Uber’s checkered history.
Glover, 26, and Mereacre, 23, acknowledged stealing personal information from companies that was stored on Amazon Web Services from October 2016 to January 2017 and then demanding to be paid to destroy the data.
Uber met the hackers’ demand with a $100,000 payment, but waited until November 2017 to reveal that the personal information of both its riders and drivers around the world had fallen into the hands of criminals.
U.S. Attorney David Anderson ripped into Uber for not immediately alerting authorities about the loss of so much personal information that could have been used for identity theft and other malicious purposes.
“Companies like Uber are the caretakers, not the owners, of customers’ personal information,” Anderson said in a statement.
Uber declined to comment on the guilty pleas and Anderson’s criticism.
The San Francisco company has previously said it mishandled the data breach. By the time Uber came clean about the incident, it had ousted its co-founder, Travis Kalanick, as CEO. Dara Khosrowshahi was then brought in to replace Kalanick and burnish an image that had been tarnished by revelations of rampant sexual harassment within Uber’s ranks , attempts to dupe government regulators and accusations of stealing self-driving car technology .
As part of their scheme, Glover and Mereacre also tried to blackmail Lynda.com, part of professional networking service LinkedIn, according to authorities. Instead of meeting those demands, LinkedIn tried to identify the extortionists, the government said.
The two men each face up to five years and prison and a $250,000 fine. A status conference about their sentencing has been scheduled for March 18 before U.S. District Judge Lucy Koh.