Uber investigating cybersecurity incident after hacker breaches its internal network
Uber confirmed on Thursday that it’s responding to a cybersecurity incident after reports claimed a hacker had breached its internal network.
The ride-hailing giant discovered the breach on Thursday and has taken several of its internal communications and engineering systems offline while it investigates the incident, according to a report by The New York Times, which broke the news of the breach.
Uber said in a statement given to Thealike that it’s investigating a cybersecurity incident and is in contact with law enforcement officials, but declined to answer additional questions.
The sole hacker behind the breach, who claims to be 18 years old, told the NYT that he compromised Uber because the company had weak security. The attacker reportedly used social engineering to compromise an employee’s Slack account, persuading them to hand over a password that allowed them access to Uber’s systems. This has become a popular tactic in recent attacks against well-known companies, including Twilio, Mailchimp, and Okta.
Shortly before the Slack system was taken offline on Thursday afternoon, Uber staff received a message that read, “I announce I am a hacker and Uber has suffered a data breach”, the NYT reports. The hacker also reportedly said that Uber drivers should receive higher pay.
According to Kevin Reed, CISO at cybersecurity firm Acronis, the attacker found high-privileged credentials on a network file share and used them to access everything, including production systems, Uber’s Slack administration interface, and the company’s EDR portal.
“If you had your data in Uber, there’s a high chance so many people have access to it,” Reed said, noting that it’s not yet clear how the attacker bypassed two-factor authentication (2FA) after obtaining the employee’s password.
The attacker is also believed to have gained administrative access to Uber’s cloud services, including on Amazon Web Services (AWS) and Google Cloud (GCP), where Uber stores its source code and customer data, as well as the company’s HackerOne bug bounty program.
Sam Curry, a security engineer at Yuga Labs who described the breach as a “complete compromise”, said that the threat actor likely had access to all of the company’s vulnerability reports, which means they may have had access to vulnerabilities that haven’t been fixed. HackerOne has since disabled the Uber bug bounty program.
In a statement given to Thealike, Chris Evans, HackerOne CISO and Chief Hacking Officer, said the company “is in close contact with Uber’s security team, have locked their data down, and will continue to assist with their investigation.”
This is not the first time that Uber has been compromised. In 2016, hackers stole data from 57 million driver and rider accounts and then approached Uber and demanded $100,000 to delete their copy of the data. Uber arranged the payment but kept the breach a secret for more than a year.