"Hackers Plead Guilty to Breach That Uber Covered up"

The inviduals who were in charge of the the 2016 data breach of Uber, Brandon Charles Glover, 26, of Florida, and Vasile Mereacre, 23, of Toronto, pleaded guilty last week to stealing the companies' personal information that was stored on Amazon Web Services from October 2016 to January 2017 and then demanding money to destroy their copies of the data.  The data of 57 million drivers and customers were stolen in the 2016 data breach. Uber not only kept the breach secret from the victims, but they also paid $100,000 in hush/delete-the-data money, as in, $50,000 to each of the two crooks.  It wasn’t until 10 months later, in November 2017, that Uber told riders and drivers that it had lost control of their personal information and that the data had been breached.  The company not only hid the breach from those affected, but also from the Federal Trade Commission (FTC).  Both the 2014 and the 2016 hacks were made possible by the same exact security fail: in both breaches, Uber’s engineers left the keys of Amazon Web Services S3 cloud servers, sitting around, publicly available, on GitHub.

Naked Security reports: "Hackers Plead Guilty to Breach That Uber Covered up"