Uber is under fire for its response to a massive hack attack in 2016 that§raise questions about the way it handled sensitive customer information.

Instead of reporting the hackers to police, the company allegedly paid $100,000 in exchange for a promise to delete 57 million user files the men stole off a third-party server, prosecutors said.

Within weeks of paying the ransom, Uber employees showed up at Brandon Glover's Winter Park, Florida, home and found Vasile Mereacre at a hotel restaurant in Toronto, Canada, the Justice Department said.

The pair admitted their crimes, but Uber didn't turn them over to the cops. Instead, they had the hackers sign non-disclosure agreements, promising to keep quiet. Obviously, people who hack computers for a living are the sorts who would honour an NDA.

US attorney for Northern California Dave Anderson told CBS News correspondent Kris Van Cleave this in an exclusive interview. Anderson, who investigated the hack, said there's "no way to know definitively" what happened to the stolen data.

The hackers also targeted a company owned by LinkedIn in December of 2016, but prosecutors say LinkedIn did not pay and promptly reported the hack to police.

Uber eventually did as well -- a year after the hack, when new CEO, Dara Khosrowshahi, publicly disclosed the attack. The two known hackers were ultimately arrested and pleaded guilty on to conspiracy to commit extortion charges. They face a maximum of five years in prison.