Friday, March 29, 2024

Former Uber CISO Joseph Sullivan Charged for Helping Hackers for 2016 UBER Hack

Recently, the former security chief of Uber, Joseph Sullivan, was Charged for helping hackers for the 2016 UBER hack. He has been charged for encasing up the company’s 2016 security breach, through which hackers hijacked the personal data of 57 million Uber users and the details of 600,000 Uber drivers. 

Joseph Sullivan was Uber’s chief security officer from April 2015 to November 2017. Recently, two hackers have already been pleaded guilty in the plan last year and are anticipating sentencing. 

The criminals charge filed against Joseph Sullivan on Thursday, and they claim that the hackers bestowed the data with a third person, and the third person might have all the data with him.

According to the Court file, the DOJ administrators alleged that Sullivan “took cautious steps to hide, divert, and deceive the Federal Trade Commission regarding the 2016 data breach. 

The hackers were arrested and pleaded guilty in October 2019, they got arrested not just for the Uber hack but other offenses on tech businesses also, that followed their successful data breach of the Uber and ensuing payout.

In 2018, Uber Agreed to Pay $148 Million as a Settlement for 2016 Uber data breach which impacts 57 million Uber users around the world and 600,000 drivers names including their license numbers were stolen.

Uber CISO Joseph Sullivan Charged for Helping Hackers

Sullivan allegedly took cautious steps to restrict information regarding the breach from spreading to the FTC. Not only this, but Uber repaid the hackers $100,000 in BitCoin in December 2016, despite that the hackers refused to provide their real names. 

Moreover, Sullivan tried to have the hackers sign non-disclosure contracts, to keep himself safe and clean. The contracts carried a false description that says the hackers did not take or steal any data.  

Uber’s new administration discovered the truth and revealed the breach openly, and they also published it to the FTC, in November 2017. Since then, Uber has acknowledged further government inquiries. 

But Sullivan failed to fulfill the new administration team with essential details regarding the breach. That’s why in August of 2017, Uber nominated a new Chief Executive Officer, and in September 2017, Sullivan notified Uber’s new CEO regarding the 2016 incident via email. 

Sullivan urged his team to serve a summary of the whole data breach, but after he accepted their draft summary, he wrote it. His edits extracted details regarding the data that the hackers had taken. 

He incorrectly stated that payment had been made only after the hackers had been recognized. However, the new Uber CEO revealed all the information regarding the data breach to the public in November 2017. 

Soon after, this disclosure was accompanied by an FBI investigation, they immediately recognized and arrested the hackers, and both of them already pleaded guilty in October 2019.

When the FBI examined the case, they gained access to the company’s private communications; they also began to conjecture the role of Sullivan in enveloping up the 2016 data breach. 

The FBI found information regarding Sullivan and said that he spent two years continuing computer hacking crimes as an assistant before serving as a CISO of Uber. After getting so many allegations and proof against Sullivan, he got arrested by the FBI and taken for further investigation.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles