Uber, the ride-hailing smartphone app, paid a Florida hacker $100,000 to destroy data in the company’s 2016 hack that resulted in the breach of 57 million users, Reuters reported.
The hacker was described as a 20-year-old man in the report. The rideshare company did not disclose any more information.
Dara Khosrowshahi, Uber’s CEO, announced the breach last month and terminated two top security officials. He said the incident should have been disclosed to regulators at the time it was discovered last year, Reuters reported.
Sources told Reuters that then-CEO Travis Kalanick was aware of the breach and “bug bounty” payment in November of last year. Uber’s “bug bounty” service, a program known in the industry, is hosted by HackerOne, a company that offers its platform to several tech companies, the report said.
Katie Moussouris, a former HackerOne executive, told Reuters that Uber’s payout and silence at the time was extraordinary under such a program.
“If it had been a legitimate bug bounty, it would have been ideal for everyone involved to shout it from the rooftops,” Moussouris said.
Five states and multiple countries are investigating the matter, The Hill reported.
Uber spokesman Matt Kallman declined to comment to Reuters.