Reuters claims that the person responsible for the hack on Uber, in which more than 57 million client and driver records were stolen, is a 20-year old man from Florida "living with his mom [sic] in a small home trying to help pay the bills", according to sources. Visit MarketWatch.com for more information on this news.
The hackers in question were paid $100,000 to delete the information and keep quiet under the guise of the legitimate bug bounty program offered by Uber on the HackerOne bug bounty platform.
In order to cover the attack up, Uber used its bug bounty service hosted by HackerOne.
Uber's $100,000 payout and silence on the matter at the time was extraordinary under such a program, according to Luta Security founder Katie Moussouris, a former HackerOne executive.
Moussouris added that the failure to report the breach was a grievous error: "The creation of a bug bounty program doesn't allow Uber, their bounty service provider or any other company the ability to decide that breach notification laws don't apply to them".
Uber ended up firing its chief security officer Joe Sullivan and attorney Craig Clark over their roles in the data breach, so it looks like the company isn't exactly chuffed with how the situation was handled, even though it has yet to comment on the revelations Reuters' sources have been serving up.
However, according to Reuters, it was one lone wolf - and a young United States citizen at that - who was responsible. The bounty program is meant to reward security researchers who bring bugs to the company's attention so that a fix can be put into place.
Last week, three more top managers in Uber's security unit resigned.