Uber Paid 20-year-old Florida Man To Keep Data Breach Secret (reuters.com) 9
A 20-year-old Florida man was responsible for the large data breach at Uber last year and he was paid by the company to destroy the data through a so-called "bug bounty" program, three people familiar with the events have told Reuters. From the report: Uber announced on Nov. 21 that the personal data of 57 million users, including 600,000 drivers in the United States, were stolen in a breach that occurred in October 2016, and that it paid the hacker $100,000 to destroy the information. But the company did not reveal any information about the hacker or how it paid him the money. Uber made the payment last year through a program designed to reward security researchers who report flaws in a company's software, these people said. Uber's bug bounty service -- as such a program is known in the industry -- is hosted by a company called HackerOne, which offers its platform to a number of tech companies.
Considering we're now talking about the breach they paid to keep secret.
The revenue generated from operating for months without the public knowing about a breach likely made it worth it.
If unethical behavior is proven to be profitable in the face of pathetic slap-on-the-wrist fines, then unethical behavior will be the default behavior. This is the reason we're seeing such a dismantling of ethics in large business today. When doing the wrong thing is worth it, don't expect people to do the right thing.
If this guy was the only one who accessed the data, and he did so under a bug bounty program for which he got paid (and presumably signed an nda) then it's not really a breach at all?
The data was basically accessed by a paid contractor who's under NDA, business as usual and happens all the time.
