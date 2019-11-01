

Two Plead Guilty to Uber and Lynda.com Hacks

Two North American men have pleaded guilty to hacking and extorting Uber and LinkedIn’s Lynda.com business, compromising data on tens of millions of users in the process.

Brandon Charles Glover, 26, of Winter Springs, Florida, America, and Vasile Mereacre, 23, of Toronto, Canada, pleaded guilty to one charge each of conspiracy to commit extortion involving computers. They will likely face a five-year stretch in jail and a fine of $250,000 as a result.

The two are said to have used a custom-built GitHub account checker tool to try a number of already breached corporate credentials and see if they unlocked accounts on the developer site. After accessing several accounts belonging to Uber employees, they found AWS credentials which unlocked the online taxi firm’s AWS S3 data stores.

Using an encrypted ProtonMail address, they then contacted Uber’s CSO, claiming to have found a vulnerability in its systems and demanding payment in return for deletion of the compromised customer and driver data — which ran into 57 million records.

Uber eventually agreed, paying them the requested $100,000 in Bitcoin through its HackerOne account and then covering up the incident, until a new CEO decided to come clean in 2017.

Emboldened by their success, Glover and Mereacre then obtained access to 90,000 Lynda.com accounts via the online education firm’s AWS S3 account, and tried the same extortion trick, according to court documents.

However, this time the firm went public with the breach.

The two incidents almost read like a case study in the right and wrong ways to handle a breach-related extortion demand.

In the case of Uber, it ended up settling with the US government to the tune of $148m, whilst paying a £385,000 fine to the UK’s Information Commissioner’s Office (ICO). It’s lucky to have escaped the wrath of GDPR regulators, given that 2.7 million British customers and drivers were affected by the breach.
