Uber investigates security breach of its internal systems

Uber investigates security breach of its internal systems

Posted on

Uber Technologies Inc. said Thursday afternoon that it was investigating a “cybersecurity incident” after a hacker breached its internal systems and left messages with evidence that they had accessed critical information.

“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” tweeted the Uber Communications account.

The New York Times, which was the first to report on the incident, said that the hacker posted to the internal communication system within Uber during the attack with a message that read, “I announce I am a hacker and Uber has suffered a data breach.” The same message went on to list several internal databases the hacker claimed to have compromised.

The Times, who said they spoke with the hacker, said that the attack had been carried out using a social engineering attack on any employee, which led to the theft of their password. This is where a person is tricked into giving away their access credentials through an email, phone call or website that then allows a third party to access internal systems.

“They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.”

Screenshots shared by the hacker appear to reveal a multitude of critical Uber systems including security software, Amazon Web Services console, VMWare virtual machines, Google email admin dashboards and the Slack server. Employees were asked to log out of the Slack server while Uber investigates.

Chris Vaughan, area vice president of technical account management, EMEA, at cybersecurity firm Tanium said that big organizations such as Uber were common targets for hackers due to the monetizable assets within their databases such as customer and driver records.

“This is another example of a relatively simple attack causing a big incident and potentially huge reputational damage for the victim organization,” Vaughan said. “The attacker social engineered an employee to gain access to the network via VPN. Once in, they were able to find hard-coded passwords in scripts and then used them to infiltrate several parts of the network. This includes gaining access to their admin management tools as well as several databases.”

From a cursory analysis, Vaughan said, it would appear that the attacker may have had access to data of both drivers and customers.

So far Uber has not given any details about what data the hacker may have compromised. Uber has said that the hack is currently under investigation.

A group of hackers responsible for a string of recent cyberattacks used social engineering to compromise Twilio and attempted to breach Cloudflare. The same attackers were soon discovered to have targeted over 130 organizations in the same campaign.

This is not the first time Uber has been compromised. In 2021, the company fired its chief security officer after it claimed that he hid details of a hack in 2016 that exposed over 57 million customer records and the license numbers of about 100,000 Uber drivers. It was also revealed that the company’s ex-security chief had paid the hackers $100,000 in ransom to cover their tracks and keep the breach quiet.

Image: TheDigitalArtist/Pixabay

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *