What just happened? Uber is investigating a cybersecurity incident that has compromised many of its internal systems, giving the hacker, who claims he is just 18 years old, pretty much full access to the company's network. The breach is thought to be as bad as or worse than the 2016 incident that exposed the details of 57 million customers.
The New York Times reports that the hacker used a common social engineering technique to access Uber's systems. He sent a text message to one of the ride-hailing giant's employees claiming to be a corporate IT person. The worker was persuaded to hand over their password, granting the perpetrator access to Uber's network.
The hacker provided screenshots of Uber's internal systems to the NYT as proof of his successful attack. He told the publication that he is 18 years old and had been working on his cybersecurity skills for several years, adding that Uber's weak security prompted him to compromise its network.
Once he had access, the hacker sent a Slack message to employees that read: "I announce I am a hacker and Uber has suffered a data breach." It listed several compromised databases and appeared to call for Uber drivers to receive higher pay. Uber took its internal Slack and engineering systems offline earlier today as it investigated the breach.
Sam Curry, a security engineer at Yuga Labs who corresponded with the hacker, said the person has full admin access to Uber's Amazon Web Services and Google Cloud services. "It seems like maybe they're this kid who got into Uber and doesn't know what to do with it, and is having the time of his life," Curry said.
In an official statement, Uber wrote: "We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available."
Apart from his age, little is known about the hacker, though it is speculated that he is British (an employee said he used the word "wankers"), and he may go by the username 'teapots2022.' He also accessed Uber's HackerOne bug bounty account and left comments on several report tickets.
From an Uber employee:
Feel free to share but please don't credit me: at Uber, we got an "URGENT" email from IT security saying to stop using Slack. Now anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message "F*** you wankers."
— Sam Curry (@samwcyo) September 16, 2022
According to Acronis' CISO Kevin Reed, the hacker accessed production systems, the corporate EDR (endpoint detection and response) console, and Uber's Slack management interface. It's still unclear how he bypassed the 2FA after stealing the Uber employee's password, and we still don't know if customer information has been accessed.
The breach is being compared to the 2016 incident in which the names, email addresses, and phone numbers of 50 million Uber customers, along with the personal details of 7 million drivers, were stolen. Uber paid the hackers responsible $100,000 to delete the data and stop the incident from becoming public knowledge, and it concealed the breach for over a year. The company had to pay a $148 million settlement for the hack and its failure to disclose what happened.