Latest in Gear

Image credit:

Uber and LinkedIn attackers plead guilty to hacking and extortion

They demanded payment from the companies to delete the data they stole.
Mariella Moon, @mariella_moon
October 31, 2019
1 Shares
Share
Tweet
Share

Sponsored Links

Uber

The hackers who infiltrated Uber's and LinkedIn-owned Lynda.com's Amazon web servers have pleaded guilty in California federal court to charges of computer hacking and extortion conspiracy. Canadian national Vasile Mereacre and Florida resident Brandon Glover were indicted in 2018 for stealing information from LinkedIn training site Lynda.com in a breach that affected 55,000 accounts. It was later revealed that they were also behind a 2016 Uber breach that compromised 57 million users.

The duo has admitted to Judge Lucy Koh that they used Amazon Web Services logins belonging to Uber and Lynda.com employees to access their servers. They also admitted to stealing private customer information and then contacting the companies to extort them for hundreds of thousands of dollars' worth of bitcoin.

When Mereacre and Glover demanded payment from Lynda.com to delete their stolen records, they included a note that said they're expecting a big payment and that they already "helped a big corp which paid close to 7 digits." They were probably talking about Uber, which paid them $100,000 under its bug bounty program and then hunted them down to make them sign non-disclosure agreements. The LinkedIn-owned subsidiary, however, refused to pay, notified their customers about the breach and chose to find a way to identify the hackers instead.

Even though Uber initially chose to keep the incident a secret, it eventually came to light and prompted an FTC investigation. As a result, the ride-hailing giant was slapped with a $148 million fine and had to agree to 20 years of privacy audits -- the company also fired chief security officer Joe Sullivan, who arranged the payments and decided not to alert users about the breach. According to The New York Times, the duo could face a max sentence of up to five years in federal prison and could be fined up to $250,000. They will be sentenced in 2020.

In this article: gear, linkedin, lynda, security, uber
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1 Shares
Share
Tweet
Share

Popular on Engadget

Best Buy slashes 50 percent off TCL's 75-inch 8-series Roku TV

Best Buy slashes 50 percent off TCL's 75-inch 8-series Roku TV

View
WoW's 'Shadowlands' expansion is delayed until later this year

WoW's 'Shadowlands' expansion is delayed until later this year

View
Nintendo agrees to $2 million settlement in Switch hacking lawsuit

Nintendo agrees to $2 million settlement in Switch hacking lawsuit

View
The next 'Super Smash Bros. Ultimate' fighter is Steve from 'Minecraft'

The next 'Super Smash Bros. Ultimate' fighter is Steve from 'Minecraft'

View
Netflix will only stream in 4K to Macs that have a T2 security chip

Netflix will only stream in 4K to Macs that have a T2 security chip

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr