An unidentified man was paid $100,000 to delete the data through a bug bounty program, Reuters reports.
Uber hasn’t identified the hacker it paid $100,000 to last year, but Reuters reports its a 20-year-old man in Florida.
A 20-year-old Florida man was responsible for a massive data breach at Uber last year, although his identity couldn’t be established, Reuters reported Wednesday.
Uber said it paid $100,000 to the data thieves at the time to delete the information. But the company did not reveal any details about the hacker or how it paid him the money.
Sources familiar with the hack told Reuters the payment was made through a program designed to reward bug hunters who report flaws in a company’s software. Uber’s bug bounty service is hosted by HackerOne, a company that connects security researchers with companies.
While three sources familiar with the hack told Reuters a Florida man was responsible, the news agency said it was unable to identify the man.
Uber may also have broken a promise made in a Federal Trade Commission settlement not to mislead users about data privacy and security.
Uber declined to comment, while HackerOne representatives didn’t immediately respond to a request for comment.
CNET’s Dara Kerr and Laura Hautala contributed to this report.