Uber Investigating Cybersecurity After Hackers Breached Its Internal Systems

September 16, 2022
Uber investing hack
698
Views
Uber investing hack

Uber confirmed that it is responding to a cybersecurity incident after reports claimed that a hacker had breached its internal network. The company discovered the breach last week and has taken many of its internal communications and engineering systems offline while investigating the incident.

The sole hacker behind the beach, who claims to be 18 years old, has alleged that he compromised Uber because the company had weak security. The hacker reportedly used social engineering to compromise an Uber employee’s Slack account, persuading them to hand over a password that allowed them access to Uber’s systems. This has become a popular tactic in recent attacks against popular companies, including Twilio, Mailchimp, and Okta.

The screenshots shared by the hacker show what appears to be full access to many critical Uber IT systems, including the company’s security software and Windows domain. Other systems accessed by the hacker include the company’s Amazon Web Services (AWS) console, VMware vSphere/ESXi virtual machines, and the Google Workspace admin dashboard for managing the Uber email accounts.

Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach,”. The hacker also reportedly said that Uber drivers should receive higher pay. However, screenshots from Uber’s slack indicate that these announcements were first met with memes and jokes as employees had not realized an actual cyberattack was taking place.

According to Kevin Reed, CISO at cybersecurity company Acronis, the attacker found high-privileged credentials on a network file share and used them to access everything, including production systems, Uber’s Slack management interface, and the company’s endpoint detection and response (EDR) portal.Further, Uber posted an additional update mentioning that the investigation is still ongoing but all their services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational. Also, the internal software tools that they took down as a precaution are back online now.

Divya Jose
Article Categories:
News
Divya Jose

Divya Jose is a web content developer, with extensive knowledge of all things technology. A writer by day, and reader by night, she has a natural flair for languages.

Leave a Reply

Your email address will not be published. Required fields are marked *

The maximum upload file size: 256 MB. You can upload: image, audio, video, document, spreadsheet, interactive, text, archive, code, other. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here