Security & Fraud

Hackers Plead Guilty For Charging Uber To Delete Stolen Data

Uber and LinkedIn targeted

Two hackers pleaded guilty Wednesday (Oct. 30) in federal court on charges that they hacked both Uber and LinkedIn, and then extorted the companies in exchange for deleting the stolen information.

The defendants, Brandon Glover, of Florida, and Vasile Mereacre, of Toronto, Canada, have been released on bond, and are due to be sentenced in March. They have been accused of stealing 57 million Uber user records, including customer and driver data, from Amazon Web Services in November 2016. After three weeks of negotiating, the ride share giant paid the men $100,000 in bitcoin through a third party. Uber then discovered the identity of the hackers, eventually meeting up with both Glover and Mereacre and demanding they sign confidentiality agreements.

Then in December 2016, the men demanded money from LinkedIn’s to delete more than 90,000 stolen records. That communication was cut off one month later when the company started working to identify the hackers.

Glover and Mereacre were able to access the confidential corporate databases on AWS using stolen credentials.

“We’re dealing with the most sophisticated cyber actors in the world,” FBI Special Agent in Charge John F. Bennett said in a statement. “In order to take on those people on the front lines of the cybersecurity battle, we rely heavily on our valued relationships and open dialogue with private sector companies in cyber industries. Their willingness to speedily report intrusions to our investigators allows us to find and arrest those who commit data breaches.”

The men were each charged with one count of conspiracy to commit extortion involving computers, and are facing up to five years in prison and a $250,000 fine.

Uber declined to comment on the court case. A LinkedIn representative said in a statement: “We appreciate the ongoing work by the US Attorney’s office to pursue and bring to justice those responsible for the 2016 breach of Lynda user information. We’re glad to see the resolution of this investigation.”


Featured PYMNTS Study:

More than 63 percent of merchant service providers (MSPs) want to overhaul their core payment processing systems so they can up their value-added services (VAS) game. It’s tough, though, since many of these systems date back to the pre-digital era. In the January 2020 Optimizing Merchant Services Playbook, PYMNTS unpacks what 200 MSPs say is key to delivering the VAS agenda that is critical to their success.