Season 2 of “Axios on HBO” airs Sundays at 6pm ET/PT. Keep up to date with Axios AM:

Stories

Uber paid 20-year-old hacker to destroy data breach information

The Uber app
An Uber user opens the app on a smartphone. Photo: Kirsty Wigglesworth / AP

Uber paid a 20-year-old man in Florida $100,000 to destroy data from 57 million passengers and 600,000 drivers that he'd stolen in a 2016 breach, Reuters reports, citing sources familiar with the events. Reuters was unable to establish the identity of the hacker.

The backdrop: On Nov. 21, Uber announced that it had paid a hacker to delete stolen data, but did not specify who was paid, or how. The man was paid through a "bug bounty" program companies use to pay hackers to test their software for vulnerabilities, although it appears that the hacker stole the information first and was then retroactively entered into the bug bounty.

It's still not clear who made the decision to pay the hacker and keep the breach quiet. Then-CEO Travis Kalanick is said to have known about the data breach and the payment to the hacker in November 2016, as did chief security officer Joe Sullivan (who was fired last month, following an investigation that first alerted Uber's board to the hack).

Uber