2 Plead Guilty in 2016 Uber and Lynda.com Hacks

Source: New York Times



SAN FRANCISCO — Two men pleaded guilty in federal court in San Jose, Calif., to charges of computer hacking and an extortion conspiracy on Wednesday, capping a thorny legal saga that ensnared tech companies like Uber and LinkedIn in data breach scandals. The resolution of the case comes as Americans grapple with theft and misuse of their personal information amid serious data breaches at companies from Facebook and Equifax to Target and Marriott over the past decade.

Lynda.com, which is owned by LinkedIn, disclosed to its users in December 2016 that it had a data breach. Officials said some 55,000 accounts were affected, and the company warned another 9.5 million customers about the breach. The Uber breach affected more than 57 million people, as the hackers gained access to the names, phone numbers and email addresses of riders and drivers who used the service.

On Wednesday, Brandon Glover, a 26-year-old Florida resident, and Vasile Mereacre, a 23-year-old Canadian national, appeared before Judge Lucy Koh of the United States District Court for the Northern District of California. In their plea agreements, the men said that they gained access in 2016 to the private databases of Uber and Lynda.com.

They said they were able to enter by using the credentials of the Amazon Web Services accounts belonging to Uber and Lynda.com employees, and then gain access to the Amazon servers that stored data for those companies. The men said that they then downloaded private customer information, anonymously contacted security officials at the companies and tried to extort them for hundreds of thousands of dollars in bitcoin.

Read more: https://www.nytimes.com/2019/10/30/technology/uber-lyndacom-hacks-guilty-plea.html