Uber exec accused of disguising data-breach extortion as “bug bounty”

Uber exec accused of disguising data-breach extortion as “bug bounty”

Enlarge (credit score: JOSH EDELSON / Contributor | AFP)

After the Federal Commerce Fee started investigating a large Uber information breach in 2016, the tech firm was hit with one other breach that was seemingly simply as regarding. Reasonably than report the second information breach to the FTC and threat additional public embarrassment, then-Uber safety chief Joe Sullivan consulted with attorneys after which negotiated with the hackers. He allegedly arrange a deal beneath which Uber paid the hackers a $100,000 “bug bounty” to delete the info, then pretended the info breach was a part of a deliberate check of Uber’s safety and had the hackers signal a nondisclosure settlement.

Now, Sullivan faces prison obstruction expenses, and The Wall Road Journal studies that his case has raised alarms for tech firm safety chiefs all over the place, who assume Sullivan should not be taking the autumn for Uber. One former safety chief from AT&T, Edward Amoroso, informed the Journal that “many prime safety officers imagine” that Sullivan “did nothing unsuitable.”

Amoroso argued that by criminalizing reporting selections of safety chiefs like Sullivan, the US Division of Justice dangers setting again all the safety occupation. He mentioned the controversy was finest left as much as safety communities, not a courtroom, to determine who’s accountable. Ars could not instantly attain Amoroso for extra remark.

Learn 13 remaining paragraphs | Feedback

Related Posts

Leave a Reply

Your email address will not be published.