Specifically, the two hackers admitted they were demanding large amounts of money by Companies and promised that if they gave them they would not use them data million customers, which had been stolen at the end of 2016.
On Wednesday, during their trial in California, the two defendants, Brandon Charles Glover (26) of Florida and Vasile Mereacre (23) of Toronto, admitted to using stolen credentials and gained access to systems of companies. Then they stole various data.
Once the data was available, they contacted the companies to report the vulnerabilities and asked for money.
"I was able to access copies security. "My team and I want a huge reward for this," the hackers said in an email to one of the victims.
"Keep in mind that we are expecting a big payout as this was a tough job for us."
According to a report by The Hacker News, two years ago, hackers managed to gain Uber's 57-sensitive millions of driver information. The company gave in to the two hackers $ 100,000 at Bitcoin, in an effort to cover up the incident.
"The accused used fake names to contact the victims-companies and, in several cases, informed the victims that other companies were paying them to find them. vulnerabilities ”, the indictment states.
They also sent some samples of data to the victims to convince them that the hackers were in fact possessing company data.
In addition, according to the allegations, the two hackers blackmailed both LinkedIn the same way in December of 2016. They informed the company that they had breached the affiliate's databases Lynda.com and that they had stolen over 90.000 archives users (and credit card details).
Then, the news that Uber had sent a team of hackers to their homes to look for them computers and make sure that all the stolen data was no longer available. In fact, they are said to have signed an agreement not to disclose the incident.
Uber revealed the incident a year later. The company had to pay 148 million for research, while the UK and Dutch regulators for protection data imposed a fine of 1,1 million on failing to protect customer personal information.
Uber had not even disclosed the incident to the US Federal Trade Commission (FTC), which was investigating another company-related incident at the time. The committee was also informed a year later.
The two defendants, Glover and Mereacre, who pleaded guilty to conspiracy to commit blackmail, await the verdict in March of 2020. Their sentence is expected to be up to five years in prison and a fine of 250.000 dollars.