Uber Cyber-Attack; Vulnerability reports stolen

Uber is investigating a major cyber security breach where hackers compromised its systems by performing a social engineering attack on an employee.

On September 15, an 18 years old hacker hit Uber and accessed its third-party services. The hacker said he had broken into Uber’s systems because the company had weak security.

The threat actors said they had gained access to the system via login credentials obtained from an employee through social engineering, which permitted them to access an internal company VPN.

The threat actors hacked an employee’s Slack, a workplace messaging service, which many tech companies use for day-to-day communications.

The threat actor managed to get access to Uber’s vulnerability reports, Slack server and email dashboard.

According to the New York Times, after compromising Uber’s internal slack, the hacker then went on to access other internal databases.

In one Slack message, the hacker is said to have written: “I announce I am a hacker and Uber has suffered a data breach.”

Another report from the Washington Post said the alleged attacker had breached Uber for fun and could leak the company’s source code in months. 

Initially, Employees thought the attack to be a joke and responded to Slack messages with emoji’s and GIFs.

On Friday afternoon, the company posted an additional update stating that the investigation is still ongoing but could share these additional details:

We have no evidence that the incident involved access to sensitive user data (like trip history).All of our services, including Uber, Uber Eats, Uber Freight, and the Uber Driver app, are operational.As we shared

Read more

Explore the site

More from the blog

Latest News