US prosecutors charged Uber’s former security chief with covering up a hack that compromised 57 million users and drivers’ personal details. A criminal complaint accused Federal Trade Commission Joseph Sullivan of trying to hide the hack. He faces a maximum sentence of eight years in prison if he is convicted of accusations of obstructing justice and concealing a criminal offence.
According to the complaint, Sullivan sought to pay off the hackers by funnelling money through a “bug bounty” program that rewards developers for disclosing security vulnerabilities without doing any harm. In December 2016, Uber paid the hackers $100,000 in bitcoin cryptocurrency, with Sullivan asking them to sign non-disclosure agreements agreeing to keep quiet on the affair, prosecutors said. From April 2015 until November 2017, Sullivan, 52, as a chief security officer of Uber. The criminal complaint has many claims. It said Uber’s new chief executive Dara Khosrowshahi, appointed in mid-2017, has been deceived by Sullivan over the breach.
According to Khosrowshahi, two members of the Uber Information Security Team who “led the response” included not alerting users. It is about the data breach from the company in San Francisco. The Uber boss said he had heard that hackers hacked into the company’s cloud-based repository for data. Also, accessed a “huge” amount of data.
Stolen files included names, email addresses, and riders’ mobile phone numbers. It is as well as the names and driver license information of some 600,000 drivers, Uber claims. Shortly after it discovers, co-founder and ousts chief Travis Kalanick. This advice of the breach, but it is un-public. It is until Khosrowshahi learns of the incident, according to an AFP source. Two hackers trace by Uber in October 2019 plead guilty. It is to conspiracy charges for computer fraud and face sentencing, prosecutors state.