Uber is looking into a hack on its computers
Hacking into Uber’s computer systems is being investigated.
The computer network that Uber uses has been compromised.
Uber investigates computer breach
After discovering that multiple internal communications and engineering systems had been breached, the ride-hailing business said that it was conducting an investigation.
The New York Times was the first to report the security breach, after the hacker provided the newspaper with screenshots of email, cloud storage, and code repositories.
According to the story, which cited two employees as sources, employees at Uber were warned against using Slack, the company’s workplace messaging software.
Employees at Uber got a message shortly before the Slack system was knocked offline that read: “I announce I am a hacker and Uber has suffered a data breach.”
It appears that the hacker was later able to obtain access to other internal systems, as evidenced by the fact that they posted a sexually explicit photo on a page that is accessible to staff only internally.
Uber has stated that it is communicating with relevant authorities over the security issue.
There has been no evidence to suggest that Uber’s vehicles, its users, or their payment data have been compromised as a result of the attack.
Bug bounty hunters
Uber pays a subscription fee to HackerOne, a bug bounty platform based in California. Many large companies make use of bug bounty programs, which, in essence, pay ethical hackers to find bugs in their systems.
Sam Curry, one of the bug bounty hunters, communicated with the Uber hacker. He stated, “It appears as though they have compromised a great many things.”
Mr. Curry stated that he had a conversation with multiple Uber personnel, and those employees told him that they were “trying to lock down everything internally” to limit the hacker’s access.
According to him, there was no evidence that the hacker had caused any damage or was interested in anything other than notoriety.
HackerOne’s chief hacking officer, Chris Evans, provided the following statement to the BBC: “We are in close communication with Uber’s security team, have shut down their data, and will continue to cooperate with their investigation.”
Who exactly is to blame?
The BBC has come into possession of texts sent by an individual who asserts that they handle a number of administrative accounts for Uber.
According to a report in The New York Times, the hacker is only 18 years old, has been honing his cyber-security abilities for some years, and hacked into the Uber networks because “they had insufficient protection.”
Additionally, in the Slack message announcing the data breach, the individual suggested that Uber drivers should be paid more.
It is commonly accepted in the field of cyber security that “people are the weakest link,” and this particular breach demonstrates, once again, that it was an employee who was tricked into letting the thieves in.
Although the saying is correct, it is incredibly cruel.
The more complete picture that is emerging suggests that the hacker in question possessed a high level of ability as well as a high level of motivation.
As we saw with the recent breaches of Okta, Microsoft, and Twitter, young hackers with lots of time on their hands and a devil-may-care attitude can easily lure even the most diligent staff into making cyber-security mistakes.
This method of hacking, known as social engineering, predates the invention of computers themselves. If you don’t believe me, just ask notorious ex-hacker Kevin Mitnick, who used flattery and guile to get around telephone networks in the 1970s.
The difference with today’s hackers is that in addition to having the gift of the gab, they also have access to highly advanced software that is simple to operate, which makes their job significantly simpler.
Uber is looking into how much of its computer systems were broken into
The breach happened on Thursday, and according to the New York Times, the company had to shut down some of its internal engineering and communication systems.
A spokesperson for Uber said that the company was looking into the breach and in touch with law enforcement.
Two employees told The Times that employees were told not to use the company’s internal messaging system, Slack, and that other internal systems were inaccessible.
The person who claimed responsibility for the hack told the outlet that they had tricked an Uber worker into believing they were an IT person and persuaded the worker to hand over a password that gave them access to Uber’s systems.
Just before the systems were shut down, a Slack message was sent to employees that said, “I’m a hacker, and Uber’s data has been stolen.”
A spokesman for Uber said that a hacker got into the company’s internal systems and put an explicit photo on a page for employees only.
In 2016, hackers broke into 57 million driver and rider accounts and stole information from them. They then went to Uber and asked for $100,000 to delete their copy of the information.
Uber Is Looking Into A Possible Breach Of Their Computer Systems
On Thursday, Uber found out that its computer network had been hacked, which prompted the firm to take offline several of its internal communications and engineering systems while it investigated the scope of the hack.
A significant number of Uber’s internal systems appeared to have been compromised in the attack, and the individual who claimed responsibility for the hack shared images of email, cloud storage, and code repositories with cybersecurity researchers and The New York Times.
Sam Curry, a security engineer at Yuga Labs who spoke with the individual who claimed to be responsible for the breach, stated that “They pretty much have full access to Uber.” “From what I can tell, this is a complete concession on both sides.”
A spokeswoman for Uber stated that the firm was looking into the security issue and was in contact with law enforcement officials.
According to two employees who were not permitted to speak publicly about the matter, Uber workers were given the instruction not to use the company’s internal messaging program, which is called Slack, and discovered that other internal services were inaccessible.
On Thursday afternoon, shortly before the Slack system was taken offline, employees at Uber got a message that read, “I announce I am a hacker and Uber has suffered a data breach.” The message went on to list numerous internal databases, all of which the hacker claimed had been breached in some way.
According to a spokeswoman for Uber, a hacker gained access to one of the company’s employees’ Slack accounts and used it to send the message. It appears that the hacker was later able to obtain access to other internal systems, as evidenced by the fact that they posted a sexually explicit photo on a page that is accessible to staff only internally.
The individual who has taken responsibility for the breach told The New York Times that he deceived an Uber employee by sending them a text message in which he claimed to work in the company’s information technology department. Using this strategy, known as social engineering, the hacker was able to convince the employee to hand over a password, which then allowed him to get access to Uber’s servers.
According to Rachel Tobac, chief executive of SocialProof Security, “these kinds of social engineering assaults to get a foothold within tech organizations have been expanding.” Companies that specialize in information technology are increasingly the target of such attacks. Ms. Tobac cited the hack of Twitter that occurred in 2020, in which young people gained access to the corporation using social engineering. Recent hacks at Microsoft and Okta also involved comparable social engineering tactics.
Ms. Tobac stated that “We are noticing that attackers are getting smarter and are also recording what is working.” They now have kits that make it easier to deploy and use these methods of social engineering, and these kits can be purchased online. It has reached the point where it is nearly a commodity.
The hacker, who demonstrated his access by providing screenshots of internal Uber systems, stated that he was 18 years old and had been working on his cybersecurity abilities for several years. He claimed that he had gained access to Uber’s computers due to the company’s lax security measures. Additionally, in the Slack message announcing the data breach, the individual suggested that Uber drivers should be paid more.
According to Mr. Curry, the individual appeared to have access to the source code of Uber as well as email and other internal systems. “It seems like maybe they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life,” he added.
A senior Uber employee disclosed to staff, via an internal email that was obtained by The New York Times, that the company was looking into the hacking incident. According to a message sent out by Uber’s chief information security officer Latha Maripuri to customers, “We do not have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us.”
It was not the first time a hacker had taken data from Uber; in fact, it was one of many times. In 2016, hackers gained access to 57 million driver and rider accounts and stole information from those accounts. The hackers then approached Uber and demanded $100,000 to delete their copy of the data. Uber arranged for the money, but remained silent about the security lapse for over a year.
Because of his part in the company’s reaction to the attack, Joe Sullivan, who had been Uber’s top security executive at the time, was terminated from his position. Because Mr. Sullivan did not report the breach to the appropriate authorities, he has been charged with obstructing justice and his trial is presently underway.
Attorneys for Mr. Sullivan have contended that other employees at the company were responsible for regulatory disclosures and that the company is using Mr. Sullivan as a scapegoat.