Hackers plead guilty to extorting Uber
Two men have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com educational platform in 2016 and requesting that these companies pay them bug bounties.
Court documents show that the hackers used a custom-built GitHub account checker tool to test credentials that were leaked on other websites against GitHub’s user base.
Their goal was specifically to attain the GitHub credentials of corporate employees as this would be more likely to provide them with access to accounts with private and sensitive information.
Upon successfully breaching these accounts, the pair would sift through company GitHub pages in an attempt to find AWS credentials – which they would then use to log into the back end of companies’ systems and acquire their sensitive data.
This strategy reportedly gave the pair access to 57 million Uber users’ details, as well as about 90,000 details from Lynda.com.
The pair then used this data to contact these companies and claim that they had uncovered a vulnerability in their systems – requesting that the companies pay them a bug bounty in Bitcoin.
Uber agreed to this request, and paid the pair $100,000 to keep the breach quiet and not to use the data they had attained.
The cover-up was later made public by new Uber executives, and Uber agreed to pay $148 million in a class-action lawsuit settlement for not immediately disclosing the exploit.
The two hackers each face up to five years in prison and a $250,000 fine.
Now read: MTN South Africa grows revenue but loses subscribers
Loading ...