Security & Fraud

Hackers Plead Guilty For Charging Uber To Delete Stolen Data

Uber and LinkedIn targeted

Two hackers pleaded guilty Wednesday (Oct. 30) in federal court on charges that they hacked both Uber and LinkedIn, and then extorted the companies in exchange for deleting the stolen information.

The defendants, Brandon Glover, of Florida, and Vasile Mereacre, of Toronto, Canada, have been released on bond, and are due to be sentenced in March. They have been accused of stealing 57 million Uber user records, including customer and driver data, from Amazon Web Services in November 2016. After three weeks of negotiating, the ride share giant paid the men $100,000 in bitcoin through a third party. Uber then discovered the identity of the hackers, eventually meeting up with both Glover and Mereacre and demanding they sign confidentiality agreements.

Then in December 2016, the men demanded money from LinkedIn’s to delete more than 90,000 stolen records. That communication was cut off one month later when the company started working to identify the hackers.

Glover and Mereacre were able to access the confidential corporate databases on AWS using stolen credentials.

“We’re dealing with the most sophisticated cyber actors in the world,” FBI Special Agent in Charge John F. Bennett said in a statement. “In order to take on those people on the front lines of the cybersecurity battle, we rely heavily on our valued relationships and open dialogue with private sector companies in cyber industries. Their willingness to speedily report intrusions to our investigators allows us to find and arrest those who commit data breaches.”

The men were each charged with one count of conspiracy to commit extortion involving computers, and are facing up to five years in prison and a $250,000 fine.

Uber declined to comment on the court case. A LinkedIn representative said in a statement: “We appreciate the ongoing work by the US Attorney’s office to pursue and bring to justice those responsible for the 2016 breach of Lynda user information. We’re glad to see the resolution of this investigation.”


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.