Inside Uber’s $100,000 Payment to a Hacker, and the Fallout

Most of all, the hacking and Uber’s response have fueled a debate about whether companies that have crusaded to lock up their systems can scrupulously work with hackers without putting themselves on the wrong side of the law.


A hacker informed Uber of a major vulnerability in November 2016. The company disclosed the breach a year later.

Dave Sanders for The New York Times

Uber is illustrative of a breed of company that aimed to bulletproof its security. While many corporations were for years blissfully unaware of hackers penetrating their systems, Uber and others recruited former law enforcement and intelligence analysts and installed layers of technical defenses and password security. They joined other companies in embracing the same hackers they once treated as criminals, shelling out bug bounties as high as $200,000 to report flaws.

Yet since the fallout from Uber’s disclosure, Silicon Valley companies have taken a harder look at their bounty…
