Latest in Gear

Image credit:

Uber and LinkedIn attackers plead guilty to hacking and extortion

They demanded payment from the companies to delete the data they stole.
Mariella Moon, @mariella_moon
October 31, 2019
1 Shares
Share
Tweet
Share

Sponsored Links

Uber

The hackers who infiltrated Uber's and LinkedIn-owned Lynda.com's Amazon web servers have pleaded guilty in California federal court to charges of computer hacking and extortion conspiracy. Canadian national Vasile Mereacre and Florida resident Brandon Glover were indicted in 2018 for stealing information from LinkedIn training site Lynda.com in a breach that affected 55,000 accounts. It was later revealed that they were also behind a 2016 Uber breach that compromised 57 million users.

The duo has admitted to Judge Lucy Koh that they used Amazon Web Services logins belonging to Uber and Lynda.com employees to access their servers. They also admitted to stealing private customer information and then contacting the companies to extort them for hundreds of thousands of dollars' worth of bitcoin.

When Mereacre and Glover demanded payment from Lynda.com to delete their stolen records, they included a note that said they're expecting a big payment and that they already "helped a big corp which paid close to 7 digits." They were probably talking about Uber, which paid them $100,000 under its bug bounty program and then hunted them down to make them sign non-disclosure agreements. The LinkedIn-owned subsidiary, however, refused to pay, notified their customers about the breach and chose to find a way to identify the hackers instead.

Even though Uber initially chose to keep the incident a secret, it eventually came to light and prompted an FTC investigation. As a result, the ride-hailing giant was slapped with a $148 million fine and had to agree to 20 years of privacy audits -- the company also fired chief security officer Joe Sullivan, who arranged the payments and decided not to alert users about the breach. According to The New York Times, the duo could face a max sentence of up to five years in federal prison and could be fined up to $250,000. They will be sentenced in 2020.

In this article: gear, linkedin, lynda, security, uber
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1 Shares
Share
Tweet
Share

Popular on Engadget

Get ready to raid 'Ghost of Tsushima' on October 30th

Get ready to raid 'Ghost of Tsushima' on October 30th

View
'Uncharted' set photos offer our first look at Tom Holland as Nathan Drake

'Uncharted' set photos offer our first look at Tom Holland as Nathan Drake

View
'If Found...' brings queer '90s nostalgia to Nintendo Switch today

'If Found...' brings queer '90s nostalgia to Nintendo Switch today

View
Jabra's ANC update for the Elite 75t earbuds is now available

Jabra's ANC update for the Elite 75t earbuds is now available

View
Amazon Echo (2020) review: Small in stature, mighty in sound

Amazon Echo (2020) review: Small in stature, mighty in sound

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr