EPISODE · Jun 12, 2026 · 20 MIN
How Uber Hid a Breach of 57 Million People
from Zero Day Logs · host ZDL
On November 14, 2016, two hackers told Uber they had the personal records of57 million users and drivers. What Uber did next wasn't a breach response — itwas a cover-up: a $100,000 payment disguised as a bug-bounty reward, false NDAs,and a year of silence while a binding FTC order required disclosure. The breachitself was fixable. The concealment became the first criminal conviction of achief security officer.(0:00) The hackers make contact(0:40) The break-in: reused passwords to 57M records(6:45) Disguising the ransom as a bug bounty(10:40) The FTC order that made silence a crime(13:27) The first criminal conviction of a CSO(17:05) The four controls that were missingFree one-page technical breakdown (timeline, attack path, the four missingcontrols): https://zerodaylogs.comSources: U.S. FTC enforcement action and expanded consent decree; New YorkAttorney General settlement; U.S. DOJ charging documents and trial record,United States v. Sullivan; U.S. SEC filings.Zero Day Logs — the real anatomy of security breaches. Measured, sourced,no hype. https://zerodaylogs.com
What this episode covers
On November 14, 2016, two hackers told Uber they had the personal records of 57 million users and drivers. What Uber did next wasn't a breach response — it was a cover-up: a $100,000 payment disguised as a bug-bounty reward, false NDAs, and a year of silence while a binding FTC order required disclosure. The breach itself was fixable. The concealment became the first criminal conviction of a chief security officer. (0:00) The hackers make contact (0:40) The break-in: reused passwords to 57M ...
NOW PLAYING
How Uber Hid a Breach of 57 Million People
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m