[hitgeek]

this seemed like a bug bounty from the beginning, and the media was disingenuous to spin it like blackmail.

if there was no evidence that any data was actually compromised, I'm not sure I see a reason why they would need to disclose this to the public.

[cag_ii]

> Uber received an email last year from an anonymous person demanding money in exchange for user data ...

Doesn't sound like a typical bug bounty to me.

[dsacco]

That sounds more like you’ve never been on the receiving end of a bug bounty program :)

[denzil_correa]

A data breach isn’t a big bounty.

[IncRnd]

It doesn't matter if this was a bug bounty or not. It doesn't matter whether blackmail occurred.

The difficulty for Uber is that the existence of this a bug was kept a secret from the public, whose information may have been stolen. Nobody knows that this bug was not exploited by other parties.

[goialoq]

> the personal data of 57 million passengers and 600,000 drivers were stolen in a breach that occurred in October 2016, and that it paid the hacker $100,000 to destroy the information