Thursday, October 10, 2024
HomeCyber AttackFormer Uber CISO Joseph Sullivan Charged for Helping Hackers for 2016 UBER...

Former Uber CISO Joseph Sullivan Charged for Helping Hackers for 2016 UBER Hack

Published on

Recently, the former security chief of Uber, Joseph Sullivan, was Charged for helping hackers for the 2016 UBER hack. He has been charged for encasing up the company’s 2016 security breach, through which hackers hijacked the personal data of 57 million Uber users and the details of 600,000 Uber drivers. 

Joseph Sullivan was Uber’s chief security officer from April 2015 to November 2017. Recently, two hackers have already been pleaded guilty in the plan last year and are anticipating sentencing. 

The criminals charge filed against Joseph Sullivan on Thursday, and they claim that the hackers bestowed the data with a third person, and the third person might have all the data with him.

- Advertisement - EHA

According to the Court file, the DOJ administrators alleged that Sullivan “took cautious steps to hide, divert, and deceive the Federal Trade Commission regarding the 2016 data breach. 

The hackers were arrested and pleaded guilty in October 2019, they got arrested not just for the Uber hack but other offenses on tech businesses also, that followed their successful data breach of the Uber and ensuing payout.

In 2018, Uber Agreed to Pay $148 Million as a Settlement for 2016 Uber data breach which impacts 57 million Uber users around the world and 600,000 drivers names including their license numbers were stolen.

Uber CISO Joseph Sullivan Charged for Helping Hackers

Sullivan allegedly took cautious steps to restrict information regarding the breach from spreading to the FTC. Not only this, but Uber repaid the hackers $100,000 in BitCoin in December 2016, despite that the hackers refused to provide their real names. 

Moreover, Sullivan tried to have the hackers sign non-disclosure contracts, to keep himself safe and clean. The contracts carried a false description that says the hackers did not take or steal any data.  

Uber’s new administration discovered the truth and revealed the breach openly, and they also published it to the FTC, in November 2017. Since then, Uber has acknowledged further government inquiries. 

But Sullivan failed to fulfill the new administration team with essential details regarding the breach. That’s why in August of 2017, Uber nominated a new Chief Executive Officer, and in September 2017, Sullivan notified Uber’s new CEO regarding the 2016 incident via email. 

Sullivan urged his team to serve a summary of the whole data breach, but after he accepted their draft summary, he wrote it. His edits extracted details regarding the data that the hackers had taken. 

He incorrectly stated that payment had been made only after the hackers had been recognized. However, the new Uber CEO revealed all the information regarding the data breach to the public in November 2017. 

Soon after, this disclosure was accompanied by an FBI investigation, they immediately recognized and arrested the hackers, and both of them already pleaded guilty in October 2019.

When the FBI examined the case, they gained access to the company’s private communications; they also began to conjecture the role of Sullivan in enveloping up the 2016 data breach. 

The FBI found information regarding Sullivan and said that he spent two years continuing computer hacking crimes as an assistant before serving as a CISO of Uber. After getting so many allegations and proof against Sullivan, he got arrested by the FBI and taken for further investigation.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

Dark Angels Ransomware Attacking Windows And Linux/ESXi Systems

The sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial...

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...