Kidnapping people is too mainstream. How about grabbing some data and demand a ransom in exchange for that?
Last year in October, global transportation technology company, Uber received an email from an anonymous person demanding ransom in exchange for the stolen Uber user database.
Uber, just last week, announced that a massive data breach took place in October 2016 exposing personal data of almost 57 million customers and drivers. To destroy the information and keep the whole incident a secret, the tech giant, Uber paid $100,000 to two hackers.
The key hacker behind the massive Uber data breach turns out to be a 20-year-old boy from Florida. The young hacker, with the help of another person, carried out the entire hack and pwned Uber's system.
The ride-hailing company did not disclose any information about the unknown hackers or how it paid them. But, two unknown sources related to the incident have told Reuters that Uber paid those hackers through HackerOne platform, an online platform that helps companies to host their bug bounty and vulnerability disclosure program. Later, HackerOne has found some identifying information about the recipient via an IRS W-9 or W-8BEN form before payment of the award can be made.
This secret dealing with the hackers eventually cost Uber security executives their jobs for handling the incident. The Uber CEO, Dara Khosrowshahi has fired Uber CSO, Joe Sullivan, and one of his deputies, Craig Clark, who worked to keep the data breach a big secret.
"None of this should have happened, and I will not make excuses for it. While I cannot erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," Khosrowshahi said.