Hacker claims to have breached Uber, says security researcher – Times of India

New Delhi: Uber said Thursday it reached out to law enforcement after a hacker apparently breached its network. A security engineer said the intruder provided evidence of gaining access to critical systems in the ride-hailing service.
There was no indication that Uber’s fleet or operations were affected in any way.
“They seem to have compromised a lot of things,” said Sam Curry, an engineer with Yuga Labs who contacted the hacker. He said this includes full access to the cloud environments hosted by Amazon and Google where Uber stores its source code and customer data.
Curry said he spoke to several Uber employees who said they were “working to shut everything down internally” to restrict the hacker’s access. This includes the San Francisco company’s internal Slack messaging network, he said.
He said there was no indication that the hacker had done any harm or was interested in anything more than publicity. “My gut feeling is that it looks like they’re out to get as much attention as possible.”
The hacker alerted Curry and other security researchers to the intrusion on Thursday evening, using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network through its bug-bounty program, which pays ethical hackers to help fix network vulnerabilities.
The hacker provided a Telegram account address, and Curry and other researchers then engaged them in a separate conversation, in which the hacker shared screenshots of various pages from Uber’s cloud providers to prove they had broken in.
The Associated Press attempted to contact the hacker on a Telegram account where Curry and other researchers chatted with him. But nobody answered.
The New York Times reported that the man who took responsibility for the hack said he gained access through social engineering: he sent a text message to an Uber employee claiming to be a company technical employee and persuaded the worker to hand over a password that gave him access to the network.
The Times said the hacker reported being 18 years old and said he broke in because the company’s security was weak.
A screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user through social engineering.
Social engineering is a popular hacking strategy, as humans are the weakest link in any network. Teenagers used a similar trick to hack Twitter in 2020.
Uber said via email that it was “currently responding to a cybersecurity incident. We are in contact with law enforcement.” It said it would provide updates on its Uber Comms Twitter feed.
The company has been hacked before.
Its former chief security officer, Joseph Sullivan, is currently on trial over allegations he arranged to pay hackers $100,000 to cover up a 2016 high-tech robbery in which the personal information of about 57 million customers and drivers was stolen.