The two hackers who stole millions of users’ data from Uber have also been indicted with separate hacking charges of online learning portal Lynda, a report has revealed.
Florida resident Brandon Glover and Canadian citizen Vasile Mereacre were the instigators of the massive Uber breach in 2016 and were notably indicted earlier this month in Florida on federal hacking and extortion charges for stealing private information on over 50,000 Lynda users’ accounts, TechCrunch reports.
A recently unsealed document has revealed that the FBI was considering Mereacre’s extradition from Canada, before learning he was due to fly to Miami on October 16. After landing, he was promptly arrested by FBI agents before making an appearance in court, where his indictment was unsealed.
According to the document, the two hackers infiltrated Lynda’s Amazon web server (AWS) to steal information before attempting to extort the company via its own bug bounty program on HackerOne. The LinkedIn-owned subsidiary was told that they, under fake identities, were able to “access backups upon backups”.
“Please keep in mind, we expect a big payment as this was hard work for us, we already helped a big corp which paid close to 7 digits, all went well,” their email read.
The hackers used a similar mechanism to get Uber to shell out $100,000 for the data breach back in 2016. According to the documents, they managed to infiltrate Uber’s Amazon web server by using the credentials of an Uber engineer found in a GitHub repository.
Uber, of course, hid the breach from users and authorities before it was slapped with a $148 million fine in addition to 20 years of privacy audits.
Image credit: Pixabay.