According to the thenextweb report, Uber has used Bitcoin to pay ransoms to hackers holding sensitive data, according to court documents.
Image source:
- China's first 5G+ blockchain folk technology open source community and 5G chain network engineering task force will be officially launched
- The financial structure of the Ethereum Ecology: How does it work?
- Handwriting 丨 Joseph Lubin: The three major transformation directions of Ethereum and the moat
- Lightning network has security risks, users need to update the client as soon as possible
- How to understand "token economics"?
- The World Blockchain Conference closed, we discovered these new phenomena
The two men eventually pleaded guilty to the indicted computer hacker and extortion charges, which also led to a long legal proceedings, and Uber and LinkedIn's training site Lynda.com paid a high data breach.
Hackers hack into their servers by logging in to customer information using Amazon Web Services logins belonging to Uber and Lynda.com employees.
Then they contacted the two companies and blackmailed them for hundreds of dollars worth of bitcoin.
At the time, Uber agreed to pay $100,000 in cryptocurrency. The money was paid through the tech giant's HackerOne bug bounty program, which asked hackers to sign a non-disclosure agreement to prevent them from using the data and publicly revealing security holes.
Last year, Vasile Mereacre from Canada and Brandon Glover from Florida were sued after stealing information on 55,000 accounts from Lynda.com. Unlike Uber, Lynda.com refused to pay the ransom.
It was later discovered that the two men were the perpetrators of the 2016 Uber invasion, which revealed data on 57 million users.
Uber kept this security breach for more than a year until November 2017, when its new leadership realized this concealment and decided to make it public.
As a result, Uber was fined $148 million and must undergo a 20-year privacy audit.
Uber also fired its chief security officer, Joe Sullivan, who carefully planned payments to hackers but did not alert corporate users about security breaches.
The New York Times said that the two men, who are scheduled to be sentenced next year, may face a maximum sentence of up to five years in federal prisons and may be fined up to $250,000.