The attackers who infiltrated LinkedIn-controlled Lynda.com’s and Uber’s Amazon web servers have confessed in federal court of California to charges of extortion conspiracy and computer hacking. Brandon Glover (Florida resident) and Vasile Mereacre (Canadian national) were indicted last year for pinching data from LinkedIn training website Lynda.com in a hack that impacted 55,000 accounts. It was later discovered that they were also responsible for an Uber breach in 2016 that negotiated 57 Million consumers.
The duo has confessed to Judge Lucy Koh that they employed AWS (Amazon Web Services) credentials belonging to Lynda.com and Uber workers to use their servers. They also confessed to pinching private user data and then contacting the firms to extort them for bitcoin worth thousands of dollars.
When Glover and Mereacre asked for payment from Lynda.com to erase their stolen data, they added a note that claimed they are hoping for a huge payment and that they already “assisted a huge corp that paid almost 7 digits.” They were possibly speaking about Uber, which gave them $100,000 below its bug bounty initiative and then found them to make them ink non-disclosure deals.
On a similar note, earlier the LinkedIn-controlled division, though, declined to pay, alerted their users about the hack, and decided to find a method to identify the attackers rather.
Although Uber initially selected to keep the hack a secret, it ultimately came to light and triggered an FTC probe. Consequently, the ride-hailing behemoth was fined for $148 Million and had to agree to 2 Decades of privacy probes—the firm also removed Joe Sullivan (chief security officer), who arranged the transactions and decided not to warn consumers about the hack. As per media, the duo might face a maximum sentence of almost 5 Years in federal prison and can be penalized almost $250,000.