This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. For an explanation of our Advertising Policy, visit this page.

The bad news keeps piling up for shamed ride-sharing giant Uber. In November, news surfaced that the personal information of roughly 57 million Uber users was hacked. Not only that, but the company confirmed that it had paid the hackers $100,000 to delete the stolen data and keep the breach quiet. Now, we know that the hacker responsible for it all was a 20-year-old Florida man.

Three sources close to the hack confirmed to Reuters that the person responsible for the hack is a 20-year-old living in Florida, however, his identity couldn’t be established. According to the Reuters report, the hacker is described as “living with his mom in a small home trying to help pay the bills.” Members of Uber’s security team reportedly paid the man to confirm his identity and sign a nondisclosure agreement. In addition, those close to the matter said that the company conducted a forensic analysis of his machine to make sure the hacked data had been removed.

The Reuters report details that the Florida hacker paid a second person to access GitHub in an effort to obtain credentials for accessing Uber’s code and data. GitHub said that the incident isn’t the result of security failures on its end.

Uber paid the 20-year-old $100,000 as part of its “bug bounty” program, which the company normally uses to reward people for identifying and reporting vulnerabilities in its software. The hack, which took place in October 2016, included the information such as email addresses and phone numbers of 57 million users, including 600,000 drivers in the US.

Uber spokesman Matt Kallman declined to comment on the identity of the hacker.

At the time of the payout to the hacker, Uber didn’t prosecute him, as the company’s security team didn’t feel that he posed a further threat. Former Uber CEO Travis Kalanick reportedly knew about the hack and the company’s move to pay the hacker in November 2016. Because Kalanick stepped down in June, the company’s new CEO Dara Khosrowshahi took to firing two security officials, believing they should have informed regulators when the hack was discovered. Kalanick declined to comment.

Feature photo by Evelyn Hockstein/For The Washington Post via Getty Images

The best beginner points and miles card out there.
Chase Sapphire Preferred® Card

With great travel benefits, 2x points on travel & dining and a 50,000 point sign up bonus, the Chase Sapphire Preferred is a great card for those looking to get into the points and miles game. Here are the top 5 reasons it should be in your wallet, or read our definitive review for more details.

Apply Now
More Things to Know
  • Earn 50,000 bonus points after you spend $4,000 on purchases in the first 3 months from account opening. That's $625 toward travel when you redeem through Chase Ultimate Rewards®
  • Chase Sapphire Preferred® named a 'Best Travel Credit Card' by MONEY® Magazine, 2016-2017
  • 2X points on travel and dining at restaurants worldwide & 1 point per dollar spent on all other purchases.
  • Earn 5,000 bonus points after you add the first authorized user and make a purchase in the first 3 months from account opening
  • No foreign transaction fees
  • 1:1 point transfer to leading airline and hotel loyalty programs
  • Get 25% more value when you redeem for travel through Chase Ultimate Rewards. For example, 50,000 points are worth $625 toward travel.
  • No blackout dates or travel restrictions - as long as there's a seat on the flight, you can book it through Chase Ultimate Rewards
Intro APR on Purchases
N/A
Regular APR
17.49% - 24.49% Variable
Annual Fee
$0 Intro for the First Year, then $95
Balance Transfer Fee
Either $5 or 5% of the amount of each transfer, whichever is greater.
Recommended Credit
Excellent Credit

Editorial Disclaimer: Opinions expressed here are author’s alone, not those of any bank, credit card issuer, airlines or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

Disclaimer: The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser’s responsibility to ensure all posts and/or questions are answered.