Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Hackers Plead Guilty in Data Breach that Uber Covered Up

Uber Discloses Massive Hack

Uber Discloses Massive Hack

Two computer hackers have pleaded guilty to concocting an extortion scheme that entangled Uber in a yearlong cover-up of a data breach that stole sensitive information about 57 million of the ride-hailing service’s passengers and drivers.

The pleas entered Wednesday in a San Jose, California, federal court by Brandon Charles Glover and Vasile Mereacre resurrected another unseemly episode in Uber’s checkered history.

Glover, 26, and Mereacre, 23, acknowledged stealing personal information from companies that was stored on Amazon Web Services from October 2016 to January 2017 and then demanding to be paid to destroy the data.

Uber met the hackers’ demand with a $100,000 payment, but waited until November 2017 to reveal that the personal information of both its riders and drivers around the world had fallen into the hands of criminals.

U.S. Attorney David Anderson ripped into Uber for not immediately alerting authorities about the loss of so much personal information that could have been used for identity theft and other malicious purposes.

“Companies like Uber are the caretakers, not the owners, of customers’ personal information,” Anderson said in a statement.

Uber declined to comment on the guilty pleas and Anderson’s criticism.

The San Francisco company has previously said it mishandled the data breach. By the time Uber came clean about the incident, it had ousted its co-founder, Travis Kalanick, as CEO. Dara Khosrowshahi was then brought in to replace Kalanick and burnish an image that had been tarnished by revelations of rampant sexual harassment within Uber’s ranks , attempts to dupe government regulators and accusations of stealing self-driving car technology.

Advertisement. Scroll to continue reading.

As part of their scheme, Glover and Mereacre also tried to blackmail Lynda.com, part of professional networking service LinkedIn, according to authorities. Instead of meeting those demands, LinkedIn tried to identify the extortionists, the government said.

The two men each face up to five years and prison and a $250,000 fine. A status conference about their sentencing has been scheduled for March 18 before U.S. District Judge Lucy Koh.

RelatedUber Hacked: Information of 57 Million Users Accessed in Covered-Up Breach

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.

Register

Expert Insights

Related Content

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Cybercrime

Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Cybercrime

A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...