Top
Home / Cyber
Cyber, Cyber Security, News

Uber Hack: Internal System Breached

By

Uber Hack: A few days ago, Uber suffered a cyberattack, which resulted in information disclosure of sensitive data such as screenshots of the company’s internal systems, email dashboards, and Slack servers used for internal communications of employees. Fortunately for Uber, the attack did not access the company’s production environment, user accounts, or databases where they stored sensitive information.

Uber, on an update, said it didn’t find evidence that its code base, user data, and information were manipulated, altered, or deleted. However, the attacker did manage to gain access to the internal system of the company, where vulnerability reports were stored, on the finance teams’ tool to manage invoices and the Slack platform used by staff to communicate with each other.

“Any bug reports the attacker was able to access have been remediated,”

THE COMPANY SAID IN THE UPDATE.

Dark Web

At first, the alleged attacker was an 18-year-old who managed to gain access to Uber’s inner systems through social engineering methods towards Uber’s employees. According to investigations, the attacker got their hands on a contractor’s account, who most likely purchased the individual corporate’s password on the dark web. It appears that the victim had their personal device infected with malware, exposing their credentials and leaking them into the dark web. The threat actor initiated a multifactor authentication fatigue attack, wherein they repeatedly tried to log in to the contractor’s Uber account, which prompted two-factor authentication requests. According to Uber, the contractor eventually accepted one of those requests, which allowed the threat actor to log in successfully.

cyberattack
hackers messages on slack
Uber hack
screenshots fom the hacker
Uber hack
screenshots fom the hacker
Uber hack
screenshots fom the hacker

The attacker also posted messages on the Slack platform, which was now breached, and stated to other employees that Uber had been hacked. At first, these statements were taken as a joke between employees, but it was later realized that they were dealing with a real threat.

Uber Cyberattack

But since last week, Uber has changed their statement, and it’s believed that behind these attacks is Lapsus$, the extortion group responsible for attacks this year on Cisco, Nvidia, Microsoft, Okta, Samsung, and, reportedly, Rockstar Games over the weekend.

Uber said it’s closely coordinating recovery and response efforts with the FBI and Department of Justice and has since confirmed the attack, tweeting that they are in touch with law enforcement and will post additional information as it becomes available.

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” tweeted the Uber Communications account.

Uber hack: In an additional update, Uber posted that though the investigation is still running, their other platforms are up0 and running without any damage.

“We have no evidence that the incident involved access to sensitive user data … All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational… As we shared yesterday, we have notified law enforcement… Internal software tools that we took down as a precaution yesterday are coming back online this morning.”, are some of the statements posted by Uber executives online.

Tags: ,
0

Kristi Shehu is a Cyber Security Engineer (Application Security) and Cyber Journalist based in Albania. She lives and breathes technology, specializing in crafting content on cyber news and the latest security trends, all through the eyes of a cyber professional. Kristi is passionate about sharing her thoughts and opinions on the exciting world of cyber security, from breakthrough emerging technologies to dynamic startups across the globe.

RELATED POSTS

News, Tech

By Yuvraj Malik (Reuters) - Uber will pay $1,000 in credits to certain commuters in the U.S. and Canada who ditch their cars for five weeks in favor of public and other transport services, it said on Thursday, in its latest

News, Tech

By Harshita Mary Varghese (Reuters) - Uber is working with Tesla to promote use of electric vehicles by its drivers in the United States as it works towards becoming emission-free in U.S. and Canadian cities by 2030, the ride-hailing platform told

News, Tech

By Harshita Mary Varghese (Reuters) - Uber Technologies will raise the minimum wage it pays drivers in France as part of a wider agreement between ride-hailing companies and driver representatives in the country, the company said on Wednesday. Drivers will earn a

4i magazine was founded with the vision of enabling our readers to make sense of the modern world. Our mission is to provide our audience with the most important, cutting-edge tech news and insights. Today's media landscape features too much information and not enough knowledge. Our coverage aims to fix that, by focusing the spotlight on developing trends, up-and-coming talents, and news that's worth your attention.

info@4imag.com
jobs@4imag.com

© Copyright 4i Mag 2022 All Rights Reserved