Uber under attack
Uber confirmed that it suffered a cyber attack last Thursday afternoon, which allowed attackers to access many of the company's critical systems, such as the company's security software, the Windows domain, the console Amazon Web Services, VMWare ESCXi virtual machines, Google Workspace email admin dashboard, and Slack server. Uber Communication informed its customers of the incident via a message posted on Twitter that said:
We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post further updates here as soon as they become available.
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.
- Uber Comms (@Uber_Comms) September 16, 2022
Apparently unauthorized access was possible using social engineering techniques, a solution that has become increasingly popular over time , which led to the acquisition of an employee's password.| ); }
Yesterday, we told you about the discovery of a rather important vulnerability discovered by the cybersecurity company Vectra in Microsoft Teams, which could allow potential attackers to obtain authentication tokens and access accounts with multiple authentication active factors (MFA). For further details about it, we suggest you to read our previous dedicated article.
Uber Hacked—18 Year Old Hacker Claims To Be Behind Extensive Breach
Uber is investigating a potential system breach
TwitterThe New York Times is reporting that Uber has been hacked. Here's what we know so far concerning this breaking story.
The ride-hailing and food delivery company has suffered a systems breach, according to the report, with employees unable to access internal tools such as Slack. One employee resource page is said to have had a not safe for work image posted to it by the hacker. A bug bounty hunter and security engineer not involved in the alleged hack has posted a comment that is attributed to an Uber employee, who wished to remain anonymous, which claims they were told to stop using Slack and 'anytime I request a website, I am taken to a page with a pornographic image' and the message 'f*** you wankers.'
Another bug bounty hunter has tweeted a screenshot, allegedly from the hacker, where they state, 'I announce I am a hacker and Uber has suffered a data breach. Slack has been stolen...' with a hashtag of #uberunderpaisdrives
What has Uber said about the hack?I reached out to Uber for a comment and was pointed to an official statement posted to Twitter which reads: 'We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.'
MORE FROM FORBESSamsung Has Been Hacked: What Data Has Been Stolen?By Davey WinderI have seen messages from someone who claims various Uber admin accounts are under their control. A New York Times reporter says that the hacker tells them he is 18 years old and hacked the Uber systems because 'they had weak security.' He further claims this was accomplished through the social engineering of an Uber employee to obtain login credentials.
Uber securitty vulnerability reports could have been stolenBleeping Computer has been in contact with the alleged hacker and has seen screenshots showing access to 'critical Uber IT systems' that include security software, Amazon Web Services console, Google Workspace email admin dashboard and the aforementioned Slack server. It would also appear that the hacker gained access to Uber's HackerOne vulnerability bug bounty account, leaving comments on a number of report tickets. This could yet prove to be one of the most valuable resources from the attacker's perspective, as it has been claimed that Uber's vulnerability reports were downloaded. Marten Mickos, the HackerOne CEO, has stated that the Uber account has been locked down and the company is working with Uber to assist in the investigation.
'This attack has left Uber with a significant amount of data leaked with the potential of including customer and driver’s personal data,' Jake Moore, global cyber security advisor at ESET, said. 'This is seemingly the work of a clever socially engineered attack. Gaining entry to private data inside VPNs needs to be difficult and behind strict protections. This leaves Uber with a lot of questions about how much data was compromised via such an easy method.'
It is not known what, if any, customer data might have been accessed at this point in time. This is a developing story, and I will keep updating it as more details emerge.