homebusiness Newscompanies NewsUber breached claims hacker, firm says responding to cybersecurity incident

Uber breached claims hacker, firm says responding to cybersecurity incident

“It seems like they’ve compromised a lot of stuff,” AP quoted Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That includes complete access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.

Profile image

By Asmita Pant  Sept 16, 2022 11:53:13 AM IST (Updated)

Listen to the Article(6 Minutes)
3 Min Read
Uber breached claims hacker, firm says responding to cybersecurity incident
Uber, the San Francisco-based ride-hailing service, said on Twitter on Thursday night that it was in touch with law enforcement and will have updates as soon as they are available on an unspecified cybersecurity incident.

Share Market Live

View All

The Times said the hacker reported being 18 years old and saying they broke in because the company had weak security.
The company confirmed in an email to The Associated Press on Thursday night that the tweet is authentic. It did not answer questions about what exactly was breached or whether the ride-hailing platform was affected. The email said that updates would be posted on its Uber Comms Twitter feed.
AP quoted a security engineer saying that the intruder provided evidence of obtaining access to crucial systems at the ride-hailing service. There was no indication that Uber’s fleet of vehicles or its operation was in any way affected.
“It seems like they’ve compromised a lot of stuff,” AP quoted Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That includes complete access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.
Curry said he spoke to several Uber employees who said they were “working to lock down everything internally” to restrict the hacker’s access. That included the San Francisco company’s Slack internal messaging network, he said.
He said there was no indication that the hacker had done any damage or was interested in anything more than publicity. “My gut feeling is that it seems like they are out to get as much attention as possible.”
The hacker had alerted Curry and other security researchers to the intrusion on Thursday evening by using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network.
The hacker provided a Telegram account address, and Curry and other researchers then engaged them in a separate conversation, sharing screenshots of various pages from Uber’s cloud providers to prove they broke in.
When the Associated Press attempted to contact the hacker at the said Telegram account, no one responded.
The New York Times reported that the person who claimed responsibility for the hack said they gained access through social engineering: They sent a text message to an Uber worker claiming to be a company tech employee and persuaded the worker to hand over a password that gave them access to the network.
One screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user through social engineering.
Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Teenagers used a similar ploy in 2020 to hack Twitter.
With Agency inputs

Most Read

Share Market Live

View All
Top GainersTop Losers
CurrencyCommodities
CurrencyPriceChange%Change