Two individuals who were indicted last August for stealing information from the LinkedIn training site Lynda.com back in 2016 are reportedly the same pair of hackers responsible for the 2016 Uber breach that affected 57 million worldwide users.
Citing two people close to the case, a TechCrunch report revealed the connection between the two incidents following the Oct. 18 unsealing of a federal indictment filed against alleged Lynda.com hackers Brandon Glover, a Winter Springs Florida resident, and Vasile Mereacre, a Canadian citizen in Toronto.
According to the indictment, the pair stole data pertaining to roughly 90,000 Lynda.com user accounts from a LinkedIn-owned Amazon web server (previous reports had the number around 55,000), then attempted to extort a bug bounty payment from the social networking company through its vulnerability disclosure platform provider HackerOne.
The perpetrators who executed the Uber breach demonstrated a similar m.o., intruding into an Uber-owned Amazon web server, accessing user account data and negotiating a $100,000 ransom payment in exchange for promising to destroy the purloined data. Under new leadership, Uber on Nov. 22, 2017 publicly owned up to the breach and its subsequent cover-up, and in September 2018 accepted a settlement of a $148 million fine from the Federal Trade Commission.
Mereacre was arrested in Florida on Oct. 16, after which time the indictment was unsealed, TechCrunch reports. Glover and Mereacre have both been charged with violating the Computer Fraud and Abuse Act.
Lynda.com is now known as LinkedIn Learning.