Latest in Gear

Image credit: Uber

Uber and LinkedIn attackers plead guilty to hacking and extortion

They demanded payment from the companies to delete the data they stole.
101 Shares
Share
Tweet
Share
Save

Sponsored Links

Uber

The hackers who infiltrated Uber's and LinkedIn-owned Lynda.com's Amazon web servers have pleaded guilty in California federal court to charges of computer hacking and extortion conspiracy. Canadian national Vasile Mereacre and Florida resident Brandon Glover were indicted in 2018 for stealing information from LinkedIn training site Lynda.com in a breach that affected 55,000 accounts. It was later revealed that they were also behind a 2016 Uber breach that compromised 57 million users.

The duo has admitted to Judge Lucy Koh that they used Amazon Web Services logins belonging to Uber and Lynda.com employees to access their servers. They also admitted to stealing private customer information and then contacting the companies to extort them for hundreds of thousands of dollars' worth of bitcoin.

When Mereacre and Glover demanded payment from Lynda.com to delete their stolen records, they included a note that said they're expecting a big payment and that they already "helped a big corp which paid close to 7 digits." They were probably talking about Uber, which paid them $100,000 under its bug bounty program and then hunted them down to make them sign non-disclosure agreements. The LinkedIn-owned subsidiary, however, refused to pay, notified their customers about the breach and chose to find a way to identify the hackers instead.

Even though Uber initially chose to keep the incident a secret, it eventually came to light and prompted an FTC investigation. As a result, the ride-hailing giant was slapped with a $148 million fine and had to agree to 20 years of privacy audits -- the company also fired chief security officer Joe Sullivan, who arranged the payments and decided not to alert users about the breach. According to The New York Times, the duo could face a max sentence of up to five years in federal prison and could be fined up to $250,000. They will be sentenced in 2020.

In this article: gear, linkedin, lynda, security, uber
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
101 Shares
Share
Tweet
Share
Save

Popular on Engadget

YouTube's AI docuseries with Robert Downey Jr arrives on December 18th

YouTube's AI docuseries with Robert Downey Jr arrives on December 18th

View
PC gamers: Rate and review the RTX 2060 Super or 2070 Super

PC gamers: Rate and review the RTX 2060 Super or 2070 Super

View
Google Assistant's interpreter mode is coming to iOS and Android

Google Assistant's interpreter mode is coming to iOS and Android

View
'Fortnite' adds split-screen multiplayer on PS4 and Xbox One

'Fortnite' adds split-screen multiplayer on PS4 and Xbox One

View
Mighty's iPod Shuffle for Spotify now works with Amazon Music

Mighty's iPod Shuffle for Spotify now works with Amazon Music

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr