According to Bleeping Computer, Uber was the victim of a cyberattack on Thursday, September 15, 2022, in the afternoon.
Uber’s internal systems, email dashboard, and Slack server were all successfully accessed by the attacker.
The hijacker was able to get total administrative access to the company’s domain accounts for services such as AWS, Duo, OneLogin, G Suite, and VMware vSphere, among others.
They even stole Uber’s source code and have offered screenshots to back up their claims.
The timing isn’t optimal for taking Uber at this point.
If you work in IT, you might want to have a friend hold you back for this one, because the way employees reportedly responded when they were told to stop chatting with the hacker on Slack really gets under my skin.
- Uber was hacked on September 15, 2022.
- The hijacker gained administrator access to AWS, Duo, OneLogin, G Suite, VMware vSphere, and other domain accounts.
- Uber has been the target of data breaches before.
- Passwords should never be disclosed to anyone, even those claiming to be from the IT department.
- Your IT support team already has access to your account even if you forget your password, but they are never allowed to give it out.
How Uber was Hacked
According to The New York Times, the perpetrator of the Uber hack claims that they gained access to the system by sending a text message to an Uber employee while pretending to be a member of the company’s corporate IT department.
Full access was immediately granted when the hacker (if we can call them that) successfully persuaded the employee to submit their login credentials.
Sam Curry, an engineer at Yuga Labs, took to Twitter to recount the situation after speaking with the alleged hacker, who claimed to be only 18 years old.
They established their case by sending screenshots that seemed to be taken from legitimate internal systems.
Curry spoke with other Uber employees about their experiences:
An employee reported receiving an “URGENT” email from IT security urging them to stop using Slack.
“Now anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message ‘F*** you wankers’.”
The Slack channel was eventually pulled offline when one of the posts claimed,
“I announce I am a hacker and Uber has suffered a data breach.”
Furthermore, it went on to list a variety of other systems to which they claimed to have access.
The attack is extremely bizarre, with no apparent pattern or rationale behind it, and Curry laughs:
“It seems like this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life.”
Has Uber ever been hacked?
According to Ars Technica, this is not the first time Uber has been a victim of a data breach.
Uber allegedly delayed disclosing a major data breach that happened in 2016, in which the names, email addresses, and phone numbers of 57 million users and drivers were stolen.
The corporation allegedly failed to disclose the event to the Federal Trade Commission.
Instead, they paid the hackers a $100,000 bug bounty in exchange for deleting the data and signing a non-disclosure agreement, and they passed it off as part of a security test to avoid embarrassment.
During that event, Joe Sullivan, one of Uber’s most senior security executives, was fired; however, his attorneys argue that he was made a scapegoat for the mistakes of other employees.
Uber’s official Twitter account claimed on Thursday that an investigation into the recent hack is now underway.
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”
I’ll never understand why people still don’t know that in this day and age, exposing your password to strangers is a stupid act.
They term it “social engineering,” although attacks of this sort require such infuriatingly little effort that calling it that is, quite frankly, an insult to engineers.
What’s the bottom line? Please do not give out your passwords to anyone, even if they pretend to be from the IT department.
If you lose your password, the IT department should already have access to your account; I mean, that’s their department.