Uber hacked

Uber attacker says they got in with a social engineering attack

Uber was the victim of a cyberattack on the afternoon of Thursday, 15 September 2022, with the culprit compromising its internal systems, email dashboard, and Slack server, Bleeping Computer reports.

The attacker also accessed Uber vulnerability reports and shared screenshots which appear to prove that they had full access to various critical Uber IT systems.
 
Imagine the day the news breaks that FNB/Saxo/Gmail has been hacked and the attacker has access to client data.
I was talking about from the PoV of the IT staff / incident response team at Uber, not from the general public... :)
 
Now will it go down further or do people not care.... I think people won't care
 
Been following some of this from this Twitter account. It's quite extensive and I too feel for the IT staff.
This tweet I think highlights part of the problem in the industry as a whole.


The question of SE [Social Engineering] which can't always be prepared for but this incident will definitely spark a wider conversation.
Will be very interesting how Uber responds publicly based on all these screenshots shared here. The logins have been leaked [not sure how far widespread].
 
Uber Hacked - Login Credential of Uber Internal System Leaked

Not sure more than one hackerone account but above does say login credentials are out there.
Where is the proof that any more than one employee's hackerone account was compromised? I haven't been following.

There is also this:

How was Uber hacked?

The hacker who claimed responsibility for the hack told NYTimes that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering.
 
Since this is a high-level social engineering hack, I am surprised that Uber didn't have better protocols in place. I mean,


The person who claimed responsibility for the hack told The New York Times that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering.

Unless the hacker, or this person is purposely setting up a ruse to disguise their methodology going about exploiting Uber.

The hacker, who provided screenshots of internal Uber systems to demonstrate his access, said that he was 18 years old and had been working on his cybersecurity skills for several years. He said he had broken into Uber’s systems because the company had weak security. In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay.

The person appeared to have access to Uber source code, email and other internal systems, Mr. Curry said. “It seems like maybe they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life,” he said.

The hacker(s) sure is.
 
The MFA required doesn't need any info to be passed on to the attacker. The target just needs to accept the prompt.

The attacker spammed the user with MFA requests for over an hour then sent a text to the user saying that the only way to stop it was to accept.

Apparently he's 18 years old
 
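The pattern described in the post above, a run of MFA push prompts that ends in one acceptance, can be flagged from authentication logs. This is an added example, not part of the original thread; the event format, result names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2000, 1, 1, 12, 0)  # constructed start time, not from any real log


def _ts(minutes):
    return BASE + timedelta(minutes=minutes)


# Constructed sample MFA push events: (timestamp, user, result).
SAMPLE_EVENTS = (
    # alice: a prompt every 5 minutes for about an hour, then an approval.
    [(_ts(5 * i), "alice", "denied") for i in range(12)]
    + [(_ts(58), "alice", "approved")]
    # bob: one missed prompt, then a normal approval.
    + [(_ts(10), "bob", "timeout"), (_ts(11), "bob", "approved")]
    # carol: denials spread over many hours, never dense enough to alert.
    + [(_ts(120 * i), "carol", "denied") for i in range(6)]
    + [(_ts(700), "carol", "approved")]
)


def detect_push_fatigue(events, window=timedelta(hours=1), threshold=5):
    """Flag approvals preceded by >= threshold rejected pushes inside the window.

    "Rejected" means the user denied the prompt or let it time out.
    """
    rejected = defaultdict(deque)  # user -> timestamps of recent rejected pushes
    alerts = []
    for ts, user, result in sorted(events):
        queue = rejected[user]
        # Drop rejected pushes that have aged out of the sliding window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if result in ("denied", "timeout"):
            queue.append(ts)
        elif result == "approved":
            if len(queue) >= threshold:
                alerts.append({
                    "user": user,
                    "approved_at": ts,
                    "first_rejected": queue[0],
                    "rejected_before": len(queue),
                })
            queue.clear()  # an approval starts a fresh sequence
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert of this kind is a reason to revoke the resulting session and contact the user out of band, since the approval itself looks legitimate to the identity provider.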