Bug bounties (where compensation is offered to hackers who find vulnerabilities) are commonplace within tech circles — everyone from Apple to Samsung utilizes them. And, while highly-publicized rewards of up to $200,000 are the norm, it’s rare that the largest sum is dispensed to any one person. Making Uber’s $100,000 silent payout an all-time record for HackerOne, the firm that hosts Uber’s bug bounty program, according to a former exec who spoke to Reuters.
The Florida hacker, described in the report as “living with his mom,” reportedly paid a second individual for help accessing GitHub’s resources to procure credentials for Uber data stored elsewhere.
Upon divulging the breach last month, the company fired chief security officer Joe Sullivan and one of his deputies, senior lawyer Craig Clark, for covering up the breach. But Reuters sources claim the coverup went straight to the top of the food chain to former CEO Travis Kalanick. Both Uber and Kalanick refused to comment.