top | item 15866848

(no title)

hitgeek | 8 years ago

this seemed like a bug bounty from the beginning, and the media was disingenuous to spin it like blackmail.

if there was no evidence that any data was actually compromised, I'm not sure I see a reason why they would need to disclose this to the public.

discuss

cag_ii|8 years ago

> Uber received an email last year from an anonymous person demanding money in exchange for user data ...

Doesn't sound like a typical bug bounty to me.

dsacco|8 years ago

That sounds more like you’ve never been on the receiving end of a bug bounty program :)

unknown|8 years ago

[deleted]

denzil_correa|8 years ago

A data breach isn’t a big bounty.

IncRnd|8 years ago

It doesn't matter if this was a bug bounty or not. It doesn't matter whether blackmail occurred.

The difficulty for Uber is that the existence of this a bug was kept a secret from the public, whose information may have been stolen. Nobody knows that this bug was not exploited by other parties.

goialoq|8 years ago

> the personal data of 57 million passengers and 600,000 drivers were stolen in a breach that occurred in October 2016, and that it paid the hacker $100,000 to destroy the information