Uber confirmed on Thursday that it’s responding to a cybersecurity incident after reports claimed a hacker had breached its internal network.
The ride-hailing giant discovered the breach on Thursday and has taken several of its internal communications and engineering systems offline while it investigates the incident, according to a report by The New York Times, which broke the news of the breach.
Uber said in a statement given to TechCrunch that it’s investigating a cybersecurity incident and is in contact with law enforcement officials, but declined to answer additional questions.
The lone hacker behind the breach, who claims to be 18 years old, told the NYT that he compromised Uber because the company had weak security. The attacker reportedly used social engineering to compromise an employee’s Slack account, persuading them to hand over a password that allowed them access to Uber’s systems. This has become a popular tactic in recent attacks against well-known companies, including Twilio, Mailchimp, and Okta.
Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, “I announce I’m a hacker and Uber has suffered a data breach”, the NYT reports. The hacker also reportedly said that Uber drivers should receive higher pay.
According to Kevin Reed, CISO at cybersecurity company Acronis, the attacker found high-privileged credentials on a network file share and used them to access everything, including production systems, Uber’s Slack management interface, and the company’s EDR portal.
“If you had your data in Uber, there’s a high chance so many people have access to it,” Reed said, noting that it’s not yet clear how the attacker bypassed two-factor authentication (2FA) after obtaining the employee’s password.
The attacker is also believed to have gained administrative access to Uber’s cloud services, including on Amazon Web Services (AWS) and Google Cloud (GCP), where Uber stores its source code and customer data, as well as the company’s HackerOne bug bounty program.
Sam Curry, a security engineer at Yuga Labs who described the breach as a “full compromise”, said that the threat actor likely had access to all of the company’s vulnerability reports, which means they may have had access to vulnerabilities that haven’t been fixed. HackerOne has since disabled the Uber bug bounty program.
In a statement given to TechCrunch, Chris Evans, HackerOne CISO and Chief Hacking Officer, said the company “is in close contact with Uber’s security team, have locked their data down, and will continue to assist with their investigation.”
This isn’t the first time that Uber has been compromised. In 2016, hackers stole data from 57 million driver and rider accounts and then approached Uber and demanded $100,000 to delete their copy of the data. Uber arranged the payment but kept the breach a secret for more than a year.