Uber Hacked! Sensitive Info Like Internal Systems, Email, Slack Server Exposed
Uber is investigating a cyberattack amidst reports that the company’s internal systems have been breached.
It was forced to take several internal communications and engineering systems offline.
Initially not taken seriously
The hacker, who claims to be an 18-year-old, says they have administrator access to company tools like Amazon Web Services and Google Cloud Platform.
The claimed access also covers vulnerability reports, and the hacker shared screenshots of the company’s internal systems, email dashboard, and Slack server.
Uber’s employee Slack, a workplace messaging app, was hacked to send a message to other employees informing them that Uber’s systems had suffered a data breach.
This message was so brazen that many Uber employees initially thought it was a joke.
Employees accordingly responded with lighthearted emoji like sirens and popcorn, as well as the “it’s happening” GIF.
Vulnerability reports: a valuable asset
A source said the attacker downloaded all vulnerability reports before they lost access to Uber’s bug bounty program.
This likely includes vulnerability reports that have not been fixed, presenting a severe security risk to Uber.
This is significant because these vulnerability reports are meant to be kept confidential until a fix can be released, so that attackers cannot exploit them in attacks.
First incidence
Yuga Labs security engineer Sam Curry said that he first learned of the breach after the attacker left a comment on a vulnerability report he submitted to Uber two years ago.
It read, “UBER HAS BEEN HACKED (domain admin, aws admin, vsphere admin, gsuit SA) AND THIS HACKERONE ACCOUNT HAS BEEN ALSO”.
A spokesperson for the company declined to answer additional questions.
However, the company tweeted, “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”
Introduction
The hacker apparently introduced himself by posting a message on the company’s internal Slack system. “I announce I am a hacker and Uber has suffered a data breach.”
They then listed confidential company information they said they’d accessed, then posted a hashtag saying that Uber underpays its drivers.
The hacker told a news outlet that they breached Uber for fun.
He is also considering leaking the company’s source code.
Yuga Labs security engineer Sam Curry quipped, “It seems like maybe they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life.”