some hosts Uber’s systems have been reported to have been hacked, and the company is currently investigating what could be a serious security incident.. Thursday night (15th), a hacker could take control of several company systemsIncluding Slack, AWS, Google Workspace, HackerOne and more.
We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post additional updates here as they become available.
— Uber Communications (@Uber_Comms) 16 September 2022
The person allegedly responsible for infiltrating a number of Uber’s internal systems was to be an 18-year-old. New York Times. The hacker in question would have gained full access to the company’s data.
Inappropriate access occurred at the administrator level in Uber’s Amazon Web Services environment and Slack, in addition to a G Suite account with 1PB in use. The attacker would also have gained access to virtual machines (VMware), internal financial data, spending and more. User and driver data may have been compromised.
UPDATE: More Uber insights data exposed: vSphere, Google workplace data, and more AWS data. pic.twitter.com/aTSBBuyust
— vx-underground (@vxunderground) 16 September 2022
On Telegram and also on social media, screenshots from Slack and other areas of the company were shared with jokes and warnings that Uber was hacked. While Uber has not commented effectively on the case, it is still unclear what was actually compromised. However, if confirmed this could be one of the most severe invasions the company (and at different levels) has ever suffered..
How was Uber hacked?
The attacker, who had access to the HackerOne account, reportedly posted updates on the bug bounty page that bragged about accessing Uber systems. If approved, it may also have access to the company’s vulnerability reports.
From an Uber employee:
Feel free to share but please don’t give credit to me: We received an “URGENT” email from IT security at Uber telling us to stop using Slack. Now whenever I request a website, I am directed to a REDACTED page with a pornographic image and the message “F*** you idiots”.
— Sam Curry (@samwcyo) 16 September 2022
According to information shared by security researchers, the attacker would have used phishing techniques via text messages to trick an employee and then gain access to an Uber VPN. An administrator would then find a PowerShell script with credentials for the user and these would be used to log into systems.
by New York TimesShortly after the hacker’s allegations, employees were told to stop using the company’s Slack, and other corporate systems were shut down as a security measure. However, information spread that employees believed it was some kind of joke, and he continued to send messages with jokes.
Source: Tec Mundo
