Uber Inc. is investigating a cybersecurity incident the place a hacker claimed to have breached its inside community and took down a number of engineering and communications techniques. Initially mentioned on social media the incident affected Uber’s inside Slack messaging, which was shut down after a cybersecurity breach and compromised the corporate’s information.
What Occurred?
Reportedly, on Thursday, Uber staff acquired a Slack message from somebody claiming to be a hacker. The attacker additionally urged that the corporate improve its drivers’ pay.
“I announce I’m a hacker and Uber has suffered a knowledge breach,” the message learn.
To your info, Uber makes use of Slack for its inside communications system.
After accessing one of many firm’s employees member’s Slack accounts, the hacker might compromise Uber’s inside databases, after which they posted an express picture on the corporate’s inside info web page for its staff after getting management of its inside techniques.
The breach was found shortly after, and resultantly, Uber’s IT safety staff took most of its inside engineering and communications techniques offline. An investigation into the incident was additionally promptly launched.
We’re at present responding to a cybersecurity incident. We’re in contact with regulation enforcement and can publish further updates right here as they grow to be accessible.
Uber
Information Breach Particulars
The unknown hacker claims to have stolen Uber’s unique information and shared pictures of cloud storage, electronic mail, and code repositories with cybersecurity consultants. As per Yuga Labs safety engineer Sam Curry, the hacker appears to have gained full entry to Uber’s inside pc techniques and carried out a “whole compromise.”
In the meantime, Uber has instructed its staff to keep away from utilizing Slack, whereas its different inside techniques are additionally inaccessible. Curry additionally shared a message apparently from an Uber worker which unofficially confirms the breach.
In accordance with malware evaluation platform vx-underground on Twitter, further screenshots leaked by the menace actor present they allegedly have entry to Uber’s AWS occasion, vSphere, Google office, HackerOne administration panel, and several other different platforms utilized by the San Francisco, California-based ride-hailing big.
Extra screenshots can be found on vx-underground’s on Twitter.
In accordance with safety researcher Marcus Hutchins on Twitter, “the Uber hack appears actually dangerous.” Nevertheless, on TikTok, Marcus posted an up to date revealing that the hacker is definitely an 18-year-old child with no connection to any group. Nevertheless, on the time of writing, it was unclear who the hacker truly is, how outdated are they and what are their precise motives.
Social Engineering at Work
In accordance with The New York Instances, the hacker used social engineering techniques to infiltrate Uber’s communications system. He despatched a textual content message to a employee at Uber claiming to be a company info know-how personnel and persuaded the worker handy over their Slack password.
Afterward, accessing Uber’s techniques was fairly straightforward. The hacker claims that he’s eighteen years outdated and was capable of breach the ride-hailing firm’s techniques due to weak safety.
Uber chief info safety officer Latha Maripuri confirmed that there’s no particular estimate of when its companies shall be totally restored.
Keep tuned, this text shall be up to date with extra info.
Associated Information
- New Android Malware Disguised as Uber App
- A whole lot of Uber Eats Consumer data leaked on Darkish Net
- Uber Rival Careem Hacked, 14 million buyer & driver information stolen
- Uber dismissive about safety flaw that lets hackers bypass its 2FA
- Ex-Uber CSO Joseph Sullivan charged over 2016 information breach cover-up
