The hacker reportedly accessed Uber’s programs by a phishing assault, a tactic that has been utilised in other large-profile hacks these kinds of as the Twilio knowledge breach.
Uber is investigating a “cybersecurity incident” following a hacker shared proof that they had acquired entry to the company’s inside techniques.
As a outcome of the breach, Uber was pressured to shut down some of its inside communications and engineering techniques, in accordance to The New York Situations who 1st described the incident.
Two staff members told The New York Periods that they ended up instructed not to use Slack, the messaging system used by Uber, pursuing the incident. The hacker reportedly messaged Uber team yesterday (15 September), listing the internal databases that experienced been compromised.
Screenshots shared by the hacker appear to display entire obtain to numerous Uber IT techniques, together with its protection software, AWS console, Slack server and Google Workspace electronic mail admin dashboard, BleepingComputer stories.
Uber confirmed the breach earlier currently (16 September) on Twitter. The firm stated it is “in touch with regulation enforcement” and will share updates when they become out there.
The New York Situations reported they spoke to the hacker, who claimed they received the password of an Uber staff as a result of a phishing attack. The hacker claimed they pretended to be with company IT and tricked the staff.
These variety of social engineering assaults have been utilised in quite a few substantial-profile knowledge breaches in recent months. For case in point, the Twilio knowledge breach took place just after staff members were tricked into sharing their login credentials.
The hackers guiding this details breach surface to be conducting an “unprecedented” phishing campaign, compromising additional than 130 organisations this yr, according to a report by cybersecurity enterprise Team-IB very last thirty day period.
This is not the initial time Uber has been topic to a info breach. The business faced a significant hack in 2016 that exposed the details of 57m customers and drivers.
Uber’s chief security officer at the time, Joe Sullivan, was fired for allegedly hoping to conceal the breach, by paying the hackers to continue to keep it quiet. Sullivan is dealing with wire fraud costs for the alleged cover up try.
10 matters you need to have to know direct to your inbox each weekday. Indicator up for the Every day Short, Silicon Republic’s digest of important sci-tech information.