UThursday’s statement by Ber stated that it made contact with law enforcement following an apparent hacker attack on its network. According to a security engineer, the hacker provided proof that he had gained access to critical systems of the ride-hailing company.
There was no indication that Uber’s fleet of vehicles or its operation was in any way affected.
“It seems like they’ve compromised a lot of stuff,” said Sam Curry, an engineer with Yuga Labs who communicated with the hacker. He said that Uber has complete access to cloud environments hosted by Amazon or Google, where it stores its source code.
Curry said he spoke to several Uber employees who said they were “working to lock down everything internally” to restrict the hacker’s access. That included the San Francisco company’s Slack internal messaging network, he said.
Continue reading: Uber’s Sheepish Whistle. Now She’s Releasing Fiction About Scammers and Strivers
The hacker was not causing any damage, or even being interested in more publicity. “My gut feeling is that it seems like they are out to get as much attention as possible.”
The hacker had alerted Curry and other security researchers to the intrusion on Thursday evening by using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network through its bug-bounty program,It pays network security experts to spot weaknesses in the networks.
The hacker provided a Telegram account address and Curry and other researchers then engaged them in a separate conversation, sharing screenshots of various pages from Uber’s cloud providers to prove they broke in.
The Associated Press tried to reach Curry and other researchers via Telegram, but no one responded. No one replied.
The New York Times reports that someone claimed the hacker used social engineering to get access. The person sent an SMS to Uber workers claiming they were employees of the company and requested that the worker give them a password which gave them access.
The Times reported that the hacker was aged 18 and claimed they broke into company security due to weak security.
Continue reading: Poppy Gustafsson (CEO of Darktrace) on Fighting Hackers during the Cybercrime Wave
Researchers confirmed one screenshot on Twitter. It shows the hackers having a chat in which the hackers claim they have the credentials to an administrator user by social engineering.
Because humans are often the weakest link in any network, social engineering has become a very popular hacking technique. A similar strategy was used by teens to hack Twitter in 2020.
Uber said via email that it was “currently responding to a cybersecurity incident. We are in touch with law enforcement.” It said it would provide updates on its Uber Comms twitter feed.
This company was hacked once before.
Joseph Sullivan (the former chief security officer) is on trial for allegedly conspiring to pay $100,000 to hackers in an attempt to hide a 2016 high tech heist that saw the theft of personal information from approximately 57,000,000 customers.
Read More From Time
Read More From Time