Two computer hackers have pleaded guilty to concocting an extortion scheme that entangled Uber in a yearlong cover-up of a data breach that stole sensitive information about 57 million of the ride-hailing service's passengers and drivers, the AP reports. The pleas entered Wednesday in a San Jose, Calif., federal court by Brandon Charles Glover and Vasile Mereacre resurrected another unseemly episode in Uber's checkered history. Glover, 26, and Mereacre, 23, acknowledged stealing personal information from companies that was stored on Amazon Web Services from October 2016 to January 2017 and then demanding to be paid to destroy the data.
Uber met the hackers' demand with a $100,000 payment, but waited until November 2017 to reveal that the personal information of both its riders and drivers around the world had fallen into the hands of criminals. US Attorney David Anderson ripped into Uber for not immediately alerting authorities about the loss of so much personal information that could have been used for identity theft and other malicious purposes. Uber declined to comment on the guilty pleas and Anderson's criticism. The San Francisco company has previously said it mishandled the data breach. Glover and Mereacre each face up to five years and prison and a $250,000 fine. (Meanwhile, Uber employees are now served "lowly" Starbucks.)