Skip to content
Go to Home Page
News

A 20-Year-Old Florida Man Is Reportedly Behind the Massive Uber Hack

Emily McNutt
Emily McNutt
Contributor
Dec. 07, 2017
2 min read
uber-hack-credit-getty
A 20-Year-Old Florida Man Is Reportedly Behind the Massive Uber Hack
The cards we feature here are from partners who compensate us when you are approved through our site, and this may impact how or where these products appear. We don’t cover all available credit cards, but our analysis, reviews, and opinions are entirely from our editorial team. Terms apply to the offers listed on this page. Please view our advertising policy and product review methodology for more information.

The bad news keeps piling up for shamed ride-sharing giant Uber. In November, news surfaced that the personal information of roughly 57 million Uber users was hacked. Not only that, but the company confirmed that it had paid the hackers $100,000 to delete the stolen data and keep the breach quiet. Now, we know that the hacker responsible for it all was a 20-year-old Florida man.

Three sources close to the hack confirmed to Reuters that the person responsible for the hack is a 20-year-old living in Florida, however, his identity couldn't be established. According to the Reuters report, the hacker is described as "living with his mom in a small home trying to help pay the bills." Members of Uber's security team reportedly paid the man to confirm his identity and sign a nondisclosure agreement. In addition, those close to the matter said that the company conducted a forensic analysis of his machine to make sure the hacked data had been removed.

The Reuters report details that the Florida hacker paid a second person to access GitHub in an effort to obtain credentials for accessing Uber's code and data. GitHub said that the incident isn't the result of security failures on its end.

Uber paid the 20-year-old $100,000 as part of its "bug bounty" program, which the company normally uses to reward people for identifying and reporting vulnerabilities in its software. The hack, which took place in October 2016, included the information such as email addresses and phone numbers of 57 million users, including 600,000 drivers in the US.

Uber spokesman Matt Kallman declined to comment on the identity of the hacker.

At the time of the payout to the hacker, Uber didn't prosecute him, as the company's security team didn't feel that he posed a further threat. Former Uber CEO Travis Kalanick reportedly knew about the hack and the company's move to pay the hacker in November 2016. Because Kalanick stepped down in June, the company's new CEO Dara Khosrowshahi took to firing two security officials, believing they should have informed regulators when the hack was discovered. Kalanick declined to comment.

Daily Newsletter
Reward your inbox with the TPG Daily newsletter
Join over 700,000 readers for breaking news, in-depth guides and exclusive deals from TPG’s experts

Feature photo by Evelyn Hockstein/For The Washington Post via Getty Images

Featured image by The Uber driver app on the windshield of former Washington Flyer taxi driver Ali Jaghori. Jaghori now drives soley for UberX. Thousands of local car owners have signed up in recent months to drive with one of the "ride-share" operators that use smartphone apps to link people needing rides with car owners willing to give them, for a price. Photo by Evelyn Hockstein/For The Washington Post via Getty Images