Uber hacked
Uber was the victim of a cyberattack on the afternoon of Thursday, 15 September 2022, with the culprit compromising its internal systems, email dashboard, and Slack server, Bleeping Computer reports.
The attacker also accessed Uber vulnerability reports and shared screenshots which appear to prove that they had full access to various critical Uber IT systems.
The compromised critical systems include Uber’s security software, Windows domain, Amazon Web Services console, email admin dashboard, and Slack server — to which the hacker posted messages.
Uber confirmed the attack on its Communications Twitter account.
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” it said.
The New York Times spoke to the malicious actor.
They revealed that they gained access to Uber’s IT systems by performing a social engineering attack on an employee, through which they managed to steal the employee’s password.
According to Yuga Labs security engineer Sam Curry, the attacker also managed to access the company’s HackerOne bug bounty programme and commented on all of Uber’s bug bounty tickets.
“UBER HAS BEEN HACKED (domain admin, aws admin, vsphere admin, gsuite SA) AND THIS HACKERONE ACCOUNT HAS BEEN ALSO,” one of the comments reads.
Now read: Serious security flaw in Microsoft Teams
Loading ...