Hackers Behind 2016 Uber Hack Indicted for Another Hack

Two hackers who were behind the Uber data breach of 2016 have now been indicted for another hack.

The two hackers, Vasile Mereacre and Brandon Glover, have now been indicted on separate charges of hacking Lynda, the online learning portal.

TechCrunch reports, “Two hackers who stole millions of users’ data from ride-hailing firm Uber have been indicted on separate hacking charges related to a data breach at online learning portal Lynda, two people familiar with the case have told TechCrunch.” The report further adds, “Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, were indicted earlier this month in Florida on federal hacking and extortion charges for stealing data on 55,000 Lynda users’ accounts.”

As per the TechCrunch report, the FBI, according to the recently unsealed indictment, was considering extraditing Vasile Mereacre from Canada. However, when it was later learned that Mereacre was planning to fly to Miami on October 16, the FBI arrested him as soon as he landed. It was during Mereacre’s initial appearance in court that the indictment was unsealed.

The TechCrunch report explains, “The indictment accuses the two alleged hackers of obtaining tens of thousands of Lynda user accounts from a company-owned Amazon web server. Prosecutors accused the two of “exerting control over the accounts as a means to obtain money from LinkedIn.” Using a burner Protonmail email account, the two emailed LinkedIn and HackerOne, a bug bounty program used by Lynda, to disclose the breach.”

Both Vasile Mereacre and Brandon Glover, as per reports, have been released on bond and on the condition that they wouldn’t be permitted to use the internet. The hearing of the case goes on in a California court.

TechCrunch says that the accusations the two hackers are facing are almost identical to the circumstances that developed around the Uber data breach.

Uber, as we had already reported, had suffered a massive global data breach in 2016 when 57 million people, including users and drivers, got their personal data stolen. But the company refrained from informing the impacted people and instead paid the two hackers $100,000 through its bug bounty to destroy the data that they had stolen. They didn’t even inform the regulators about the breach, which came to light almost a year later. We had recently reported about Uber being willing to pay, as per a settlement agreement, $148 million nationwide to those affected by the data breach.

The TechCrunch report says, “Uber disclosed the breach of 57 million worldwide users — including 4.1 million drivers — almost a year later. The company was accused of covering up the breach, after two former senior Uber executives — since fired — paid the two hackers $100,000 through its bug bounty to destroy the data that they obtained but without notifying customers or regulators…Little was known about the hackers until Uber’s chief information security officer John Flynn told lawmakers at a Senate Commerce Committee hearing in February that the two hackers were from Florida and Canada.”