But the company did not reveal any information about the hacker or how it paid him the money.
Sources familiar with the hack told Reuters the payment was made through a program created to reward bug hunters who report flaws in a company's software.
As per a report by Reuters, the payment to the hacker was made via Uber's bug bounty program hosted by HackerOne.
According to three unnamed sources, as reported by Reuters, a 20-year-old was responsible for the catastrophic data breach, rather than a sophisticated group or state-sponsored team. Sources familiar with the hack have told Reuters that the payment was made through a program created to reward bug hunters who report flaws. "None of this should have happened, and I will not make excuses for it", Uber's CEO Dara Khosrowshahi said in a statement last month.
Uber declined to comment, while HackerOne representatives didn't immediately respond to a request for comment. Reuters said Uber made the man sign a nondisclosure agreement, and verified that the data had been erased.
Katie Moussouris, a former HackerOne executive, told Reuters that Uber's payout and silence at the time was extraordinary under such a program.
Mozilla files counter suit against Yahoo & Oath
Now, Yahoo and Mozilla have each filed complaints alleging that the other company violated the 2014 contract. Yahoo's complaint centers on "breach of contract" and "breach of covenant of good faith and fair dealing".
The Florida hacker paid a second person for services that involved accessing GitHub, a site widely used by programmers to store their code, to obtain credentials for access to Uber data stored elsewhere, one of the sources said.
Reuters' sources said that ex-CEO Travis Kalanick was aware of both the breach and payment when he led the company.
Speaking to the publication, one source described the hacker as "living with his mom in a small home trying to help pay the bills".
CEO Marten Mickos said that he could not comment on individual customers' programmes.
When a valid vulnerability is discovered and submitted through a bug bounty program, there is usually a public disclosure and often a technical explanation of the problem to promote news of the fix and to encourage other researchers to take an interest.
Remember the unidentified man that was paid $100,000 to delete Uber's stolen data?