https://arstechnica.com/tech-policy/2022/09/uber-exec-accused-of-disguising-data-breach-extortion-as-bug-bounty/
After the Federal Trade Commission began investigating a massive Uber data breach in 2016, the tech company was hit with another breach that was seemingly just as concerning. Rather than report the second data breach to the FTC and risk further public embarrassment, then-Uber security chief Joe Sullivan consulted with lawyers and then negotiated with the hackers. He allegedly set up a deal under which Uber paid the hackers a $100,000 "bug bounty" to delete the data, then pretended the data breach was part of a planned test of Uber's security and had the hackers sign a nondisclosure agreement.
Is this bad?
Yes, the data was still breached but covered up. The article points out that there was a third party that the hackers shared the data with that was not resolved by the NDA and legal gymnastics. This was a failure to fix a breach. User data was compromised.
That’s pretty smart
The data was still breached. 60 million+ user records are in the hands of a third party. It's not smart, it's a manipulative cover-up.
All you folks saying "this is smart", did you read the article? The hackers shared the data with other people outside of the NDA and ended up pleading guilty in court for the hacking. This is a legitimate breach that was covered up, not a cute legal maneuver.
All the people supporting this conduct, you should have invested your life savings in Enron.
The best part of the article… Made the hackers sign a non-disclosure agreement 😂😂😂😂😂😂😂 How would you enforce it?
Exactly, it wasn't enforced because they already gave the data to someone else lol
A lot of CISOs are standing up for JS publicly. It makes it sound like this type of response is common. Looking from a distance, I can’t help but think that there is more to the story. Did JS do some other shady shit, and this is what they caught him for? I’m surprised Travis isn’t in the firing line because he was CEO and was aware of this issue. You think JS is taking the fall for Travis and possibly getting handsomely rewarded?
Honestly, I don’t see the problem with this. He did his job of protecting Uber. The reputation damage he avoided at the time would have been orders of magnitude more than 100k. He also did the right thing by consulting with legal and didn’t do this under the table. I say bravo! It took 6 years for this information to come out. Job well done.
I hope you're being sarcastic. This is criminal conduct and defrauding shareholders as well as customers. Not to mention, the hackers apparently shared the data with some third party before deleting, so the damage isn't contained either.
You're applauding him for saving his own ass, while 60 million+ user records are breached. The user data is way more important than their reputation.