After a major breach, Uber claims the services are up and running

After a major breach, Uber claims the services are up and running

Uber Cybersecurity (Copyright 2022 The Associated Press. All rights reserved)

Uber Cybersecurity (Copyright 2022 The Associated Press. All rights reserved)

Ride-hailing service Uber said Friday that all of its services are operational following what security professionals called a serious data breach. It said there was no evidence that the hacker had access to sensitive user data.

What appeared to be a lone hacker announced the breach on Thursday after apparently tricking an Uber employee to provide credentials.

Screenshots shared by the hacker with security researchers indicate that this person has gained full access to the cloud-based systems where Uber stores sensitive customer and financial data.

It is unknown how much data was stolen by the hacker or how long it remained within the Uber network. Two researchers who communicated directly with the person – who self-identified as an 18-year-old to one of them – said they appeared interested in advertising. There was no indication that they had destroyed the data.

But files shared with researchers and posted widely on Twitter and other social media indicated that the hacker was able to gain access to Uber’s most important internal systems.

“It was really bad the access he had. It’s terrible, ”said Corbin Leo, one of the researchers who chatted with the hacker online.

He said screenshots shared by the person showed that the intruder had access to systems stored on Amazon and Google’s Google-based servers where Uber keeps source code, financial data and customer data such as driver’s licenses. .

“If he had the keys to the kingdom he could start disrupting services. He could erase things. It could download customer data, change people’s passwords, ”said Leo, researcher and head of business development at security firm Zellic.

Screenshots shared by the hacker, many of which were found online, showed that they had access to sensitive financial data and internal databases. Among them was one in which the hacker announced the violation of Uber’s internal Slack collaboration system.

Sam Curry, a Yuga Labs engineer who also communicated with the hacker, said there was no indication that the hacker had caused harm or was interested in anything more than advertising. “My gut feeling is that they seem to be trying to get as much attention as possible.”

Curry said he spoke to several Uber employees on Thursday who said they were “working to block everything internally” to restrict the hacker’s access. That included the San Francisco-based company’s Slack network, he said.

In a statement posted online on Friday, Uber said “the internal software tools we removed as a precaution yesterday are coming back online.”

It said all of its services, including Uber Eats and Uber Freight, were operational.

The company did not respond to questions from the Associated Press, including whether the hacker had access to customer data and whether that data was stored encrypted. The company said there is no evidence that the intruder had access to “sensitive user data” such as travel history.

Curry and Leo claimed that the hacker did not indicate the amount of data copied. Uber has not recommended any specific actions for its users, such as changing passwords.

The hacker alerted researchers of the intrusion Thursday using an internal Uber account on the company’s network that was used to post vulnerabilities identified through its bug rewards program, which pays ethical hackers to track down network weaknesses.

After commenting on those posts, the hacker provided the address of a Telegram account. Curry and other researchers then engaged them in a separate conversation, in which the intruder provided screenshots of various pages from Uber’s cloud service providers to prove they had broken in.

The AP attempted to contact the hacker via the Telegram account, but received no response.

The screenshots posted on Twitter seemed to confirm what the researchers claimed the hacker claimed: that they gained privileged access to Uber’s most critical systems through social engineering. In fact, the hacker discovered the password of an Uber employee. Then, posing as a co-worker, the hacker bombarded the employee with text messages asking them to confirm that they are logged into their account. Eventually, the employee relented and provided a two-factor authentication code that the hacker used to log in.

Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Teens used it in 2020 to hack Twitter, and more recently it was used in hacks by tech companies Twilio and Cloudflare.

Uber has been hacked previously.

His former head of security, Joseph Sullivan, is currently on trial on suspicion of arranging to pay $ 100,000 to hackers to cover up a 2016 high-tech robbery in which the personal information of approximately 57 million people was stolen. customers and drivers.

Leave a Reply

Your email address will not be published.