In 2016, one American citizen and one Canadian national teamed up to compromise the systems of Uber and LinkedIn and steal user information, which they subsequently used to extort the two companies, the two admitted in court this week.
The threat actors used a custom tool to try to breach the GitHub accounts of major companies using leaked credentials. Once they had breached an account, they would search it for Amazon Web Services (AWS) credentials that could enable them to steal user data from the targeted firm’s cloud environment. In this way, they managed to access about 57 million Uber user and driver records, as well as 90,000 user accounts for the LinkedIn-owned online education platform Lynda.com. The attackers first contacted Uber in November 2016 and managed to get the firm to pay them $100,000 in bitcoin so they would not disclose the breach, which Uber kept secret for about one year. In December 2016, the attackers attempted to extort LinkedIn with the stolen data, but the company decided to publicly disclose the breach instead.
Read more: Hackers who extorted Uber and LinkedIn plead guilty