> The hacker, who provided screenshots of internal Uber systems to demonstrate his access, said that he was 18 years old and had been working on his cybersecurity skills for several years. He said he had broken into Uber’s systems because the company had weak security. In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay.
Seems like a nice kid. I hope he doesn't get caught in litigations.
If you ever discover vulnerabilities, responsible disclosure seems like the only way to try to keep yourself out of trouble and even then only if ignorant people in the company/lawmakers won't misconstrue what has happened and want to put you in jail regardless.
Going on the company Slack, announcing that you're a hacker who has stolen data and finishing your messages with something negative about the company does not seem to be a good way of doing that:
> Hi @here
> I announce i am a hacker and uber has suffered a data breach.
> Slack has been stolen, confidential data with Confluence, stash and 2 monorepos from phabricator have also been stolen, along with secrets from sneakers.
> #uberunderpaisdrives
That feels like opening yourself up to being treated as a criminal, especially if you post about it elsewhere (like social media) and the "breach" gets attention, which might negatively impact the stock price of the company in question.
It's good that many companies out there have bug bounties and hopefully InfoSec will be improved as a consequence of this, but there are better ways about achieving the same result, without putting yourself at so much risk.
I am kind of skeptical - the original author of the GTA 6 leak left a Telegram username to contact him, but that Telegram account was only registered today/yesterday (ID 5731422660), so it might as well be someone else who's trying to impersonate that Uber hacker.
Or it could simply be that his older account got lost/blocked/something else so he made a new one :)
Bayart|3 years ago
Seems like a nice kid. I hope he doesn't get caught in litigations.
KronisLV|3 years ago
If you ever discover vulnerabilities, responsible disclosure seems like the only way to try to keep yourself out of trouble and even then only if ignorant people in the company/lawmakers won't misconstrue what has happened and want to put you in jail regardless.
Going on the company Slack, announcing that you're a hacker who has stolen data and finishing your messages with something negative about the company does not seem to be a good way of doing that:
> Hi @here
> I announce i am a hacker and uber has suffered a data breach.
> Slack has been stolen, confidential data with Confluence, stash and 2 monorepos from phabricator have also been stolen, along with secrets from sneakers.
> #uberunderpaisdrives
That feels like opening yourself up to being treated as a criminal, especially if you post about it elsewhere (like social media) and the "breach" gets attention, which might negatively impact the stock price of the company in question.
It's good that many companies out there have bug bounties and hopefully InfoSec will be improved as a consequence of this, but there are better ways about achieving the same result, without putting yourself at so much risk.
10x_contrarian|3 years ago
unknown|3 years ago
[deleted]
i_like_apis|3 years ago
Not even grey hat activity.
Tiberium|3 years ago
Or it could simply be that his older account got lost/blocked/something else so he made a new one :)