On Thursday, Uber learned that its computer network had been compromised, prompting the firm to shut down several of its internal communications and engineering systems as it looked into the scope of the attack.
A person claiming responsibility for the attack gave screenshots of emails, cloud storage, and code repositories to cybersecurity experts and The New York Times. It looked like many of Uber’s internal systems had been infiltrated.
Sam Curry, a security engineer at Yuga Labs who communicated with the person who claimed responsibility for the attack, said, “they pretty much have full access to Uber.” “From what it seems, this is a complete compromise.” According to an Uber spokeswoman, the firm is looking into the security compromise and has gotten in touch with law police.
According to two employees who were not authorized to talk in public, Uber employees were told not to use the company’s internal messaging program, Slack, and discovered that other internal systems were unreachable.
Employees at Uber on Thursday got a message that said, “I announce I am a hacker and Uber has suffered a data breach,” just before the Slack system was shut down. The message continued by listing several internal databases that the hacker claimed were vulnerable.
According to the Uber representative, a hacker accessed a worker’s Slack account and used it to send the message. An explicit photo was posted on an internal information page for staff, suggesting that the hacker could access different internal systems later.
According to the guy who claimed responsibility for the attack, he texted an Uber employee while posing as a corporate information technology expert. Social engineering was used to convince the employee to divulge a password that gave the hacker access to Uber’s computer systems.
According to Rachel Tobac, CEO of SocialProof Security, “These social engineering assaults to establish a foothold within tech organizations have been expanding.” Ms. Tobac cited the 2020 Twitter attack, in which teens broke into the firm via social engineering. Recent hacks at Microsoft and Okta both employed similar social engineering approaches.
Attackers are becoming more intelligent and keeping track of what works, according to Ms. Tobac. They now offer kits that simplify implementing and deploying these social engineering techniques. It’s nearly become a commodity.
Uber is investigating a new breach of its network after a hacker appears to have compromised an employee’s Slack account and accessed other internal systems.
— The Hacker News (@TheHackersNews) September 16, 2022
The hacker said he was 18 years old and had been honing his cybersecurity abilities for several years. He shared images of internal Uber systems to show his access. He said the company’s lax security was why he could hack into Uber’s servers. The individual also advocated increased pay for Uber drivers in the Slack message announcing the breach.
According to Mr. Curry, the individual looked to have access to the Uber source code, email, and other internal systems. He speculated that they might be a young person who joined Uber, had no idea what to do with it, and was having the time of his life.
An Uber official informed staff members that the breach was being investigated in an internal email, which The New York Times could view. Latha Maripuri, Uber’s chief information security officer, wrote: “We don’t have an idea right now when full access to tools will be restored, so thank you for sticking with us.
Data from Uber had already been taken by hackers. Hackers stole data from 57 million driver and rider accounts in 2016, and when Uber was contacted, they requested $100,000 to have their copy of the data deleted. Uber coordinated the payment but hid the breach for over a year.
At the time, Joe Sullivan served as Uber’s chief security officer and was let go for his involvement in the company’s response to the attack. For neglecting to notify regulators of the breach, Mr. Sullivan was charged with obstructing justice and is currently on trial.
Attorneys representing Mr. Sullivan have claimed that other employees were in charge of regulatory filings and that Mr. Sullivan was being used as a scapegoat by the company.
For more news like this, stay tuned with domaintrip.com