UPDATE: According to Uber, there is “no evidence” that the hacker responsible for the attack accessed private user information like trip histories.

The company published the update on Friday, noting that despite the incursion, all services, including Uber, Uber Eats, and Uber Freight, continue to run normally.

Original story:
Uber is looking into a security breach that allowed a hacker full access to the organization’s internal systems.

According to The New York Times, an 18-year-old hacker has claimed responsibility for the attack, offered evidence in the form of screenshots of internal Uber systems, and described how he used social engineering to carry it out.

The hacker claims to have texted an Uber employee while posing as a corporate information technology professional. The hacker gained access to Uber’s networks when the employee fell for the ruse and provided him with a password. It appears that the password gave the hacker access to the employee’s Slack account, from which point they were able to access other internal systems.

After speaking with the hacker, Sam Curry, a security engineer at Yuga Labs, came to the conclusion that “They pretty much have complete access to Uber… It appears that this is a complete compromise.”

Curry uses the phrase “complete compromise” to suggest that the hacker had access to the source code of Uber and virtually all of its internal systems, including emails. After gaining access to numerous systems, the hacker informed Uber staff via Slack that the company had experienced a data breach and provided a list of internal databases he had access to. Additionally, a pornographic image was published on an internal information page.


The Chief Information Security Officer of Uber, Latha Maripuri, wrote in an internal email that was obtained by The New York Times, “We don’t have an estimate right now as to when full access to tools will be restored, so thank you for being patient with us.”

In a statement given to Reuters, Slack said there was no proof of a platform vulnerability, but the company added that “Uber is a valued customer, and we are here to help them if they need us.” Uber is currently investigating what happened and has notified law enforcement while shutting down a number of its systems.

The news comes after Uber acknowledged covering up a 2016 hack, following which it paid the hackers $100,000 to destroy the data and remain silent. Joe Sullivan, the former head of security for Uber, is currently on trial for criminal obstruction relating to that incident.
