Monday, December 4, 2023

Former Uber CISO Joseph Sullivan Charged for Helping Hackers for 2016 UBER Hack

Recently, the former security chief of Uber, Joseph Sullivan, was Charged for helping hackers for the 2016 UBER hack. He has been charged for encasing up the company’s 2016 security breach, through which hackers hijacked the personal data of 57 million Uber users and the details of 600,000 Uber drivers. 

Joseph Sullivan was Uber’s chief security officer from April 2015 to November 2017. Recently, two hackers have already been pleaded guilty in the plan last year and are anticipating sentencing. 

The criminals charge filed against Joseph Sullivan on Thursday, and they claim that the hackers bestowed the data with a third person, and the third person might have all the data with him.

According to the Court file, the DOJ administrators alleged that Sullivan “took cautious steps to hide, divert, and deceive the Federal Trade Commission regarding the 2016 data breach. 

The hackers were arrested and pleaded guilty in October 2019, they got arrested not just for the Uber hack but other offenses on tech businesses also, that followed their successful data breach of the Uber and ensuing payout.

In 2018, Uber Agreed to Pay $148 Million as a Settlement for 2016 Uber data breach which impacts 57 million Uber users around the world and 600,000 drivers names including their license numbers were stolen.

Uber CISO Joseph Sullivan Charged for Helping Hackers

Sullivan allegedly took cautious steps to restrict information regarding the breach from spreading to the FTC. Not only this, but Uber repaid the hackers $100,000 in BitCoin in December 2016, despite that the hackers refused to provide their real names. 

Moreover, Sullivan tried to have the hackers sign non-disclosure contracts, to keep himself safe and clean. The contracts carried a false description that says the hackers did not take or steal any data.  

Uber’s new administration discovered the truth and revealed the breach openly, and they also published it to the FTC, in November 2017. Since then, Uber has acknowledged further government inquiries. 

But Sullivan failed to fulfill the new administration team with essential details regarding the breach. That’s why in August of 2017, Uber nominated a new Chief Executive Officer, and in September 2017, Sullivan notified Uber’s new CEO regarding the 2016 incident via email. 

Sullivan urged his team to serve a summary of the whole data breach, but after he accepted their draft summary, he wrote it. His edits extracted details regarding the data that the hackers had taken. 

He incorrectly stated that payment had been made only after the hackers had been recognized. However, the new Uber CEO revealed all the information regarding the data breach to the public in November 2017. 

Soon after, this disclosure was accompanied by an FBI investigation, they immediately recognized and arrested the hackers, and both of them already pleaded guilty in October 2019.

When the FBI examined the case, they gained access to the company’s private communications; they also began to conjecture the role of Sullivan in enveloping up the 2016 data breach. 

The FBI found information regarding Sullivan and said that he spent two years continuing computer hacking crimes as an assistant before serving as a CISO of Uber. After getting so many allegations and proof against Sullivan, he got arrested by the FBI and taken for further investigation.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed...

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles