On Thursday, Uber announced that it is investigating an attack on the company’s systems by an 18-year-old, according to the investigation. New York Times. Today (16), the company commented again on the matter, inform you that sensitive data has not been compromised.
— Uber Communications (@Uber_Comms) September 16, 2022
According to Uber, no evidence of accessing sensitive user data such as travel data. The company has also notified authorized law enforcement officials to investigate the incident while reinforcing that all its services continue to function.
The invasion of Uber’s systems may have occurred with a phishing scam aimed at an employee of the company. The attacker would have gained access to systems such as Slack, Amazon Web Services (AWS), Google Workspace, and the company’s HackerOne account. When employees came across a message that Uber had been hacked, they believed it was a joke.
UPDATE: More Uber insights data exposed: vSphere, Google workplace data, and more AWS data. pic.twitter.com/aTSBBuyust
— vx-underground (@vxunderground) September 16, 2022
The company said in a statement today that “internal appliances, which were taken down as a precautionary measure yesterday, are back in the air this morning.”
Uber has already faced issues with break-ins
Uber in 2016 Victim of another attack that exposed data from 57 million users and drives. The company admitted that it tried to cover up the data leak and even paid $100,000 to a 20-year-old man who allegedly carried out the attack. The leak also affected Brazilian users of the platform.
Source: Tec Mundo
