International: Uber Systems Breached by Hackers 

To examine the scope of the attack, Uber took some of its internal communications and engineering systems offline on Thursday after learning that its computer network had been compromised.

A person claiming responsibility for the attack gave screenshots of emails, cloud storage, and code repositories to cybersecurity experts and The New York Times, and it looked that many of Uber’s internal systems had been infiltrated.

Sam Curry, a security engineer at Yuga Labs who communicated with the individual who claimed responsibility for the attack, said that “they pretty much have full access to Uber.” “From what it seems, this is a complete compromise.”

According to an Uber spokeswoman, the business is looking into the security breach and has been in touch with law police.

According to two workers who were not authorized to talk in public, Uber employees were told not to use the company’s internal messaging program, Slack, and discovered that other internal services were unreachable.

Uber staff members got a message that said, “I announce I am a hacker and Uber has suffered a data breach,” just before the Slack system was shut down Thursday afternoon. The letter continued by listing several internal databases that the hacker believed were vulnerable.

According to the Uber spokeswoman, the message was sent via a hacker-invaded employee’s Slack account. The uploading of an explicit photo on an internal information website for staff suggested that the hacker was subsequently able to access additional internal systems.

According to the hacker who took the blame, he pretended to be a company information technology specialist in a text message to an Uber employee. Using a tactic called social engineering, the employee was convinced to provide a password that gave the hacker access to Uber’s computer systems.

Attackers are becoming more intelligent, and they are also keeping track of what works, according to Tobac. They now offer kits that make it simpler to implement and deploy these social engineering techniques. It’s nearly become a commodity.

The hacker stated he was 18 years old and had been honing his cybersecurity abilities for several years. He shared images of internal Uber systems to show his access. He said that the company’s lax security was the reason he was able to hack into Uber’s servers. The individual also advocated for increased compensation for Uber drivers in the Slack message announcing the breach.

An Uber official informed staff that the breach was being looked into in an internal email that was obtained by the Times. Thank you for your patience, wrote Latha Maripuri, Uber’s chief information security officer. “We don’t have an idea right now as to when full access to tools will be restored,” she wrote.

Data from Uber had been taken by hackers previously. 57 million driver and passenger accounts were compromised in 2016, and hackers demanded $100,000 from Uber to have their copy of the data deleted. Uber coordinated the payment but hid the security lapse for more than a year.

Joe Sullivan, who at the time served as Uber’s chief security officer, was let go for his involvement in the company’s reaction to the attack. For neglecting to notify regulators of the breach, Sullivan was charged with obstructing justice and is presently on trial.

Attorneys representing Sullivan have claimed that other workers were in charge of making regulatory reports and that Sullivan was being used as a scapegoat by the corporation.

Leave a Reply

Your email address will not be published. Required fields are marked *