Ride-hailing giant Uber disclosed Thursday it is responding to a cybersecurity incident involving a breach of its network and that it is in contact with law enforcement authorities.
The New York Times first reported the incident. The company pointed to its tweeted statement when asked for comment on the matter.
The hack is said to have forced the company to take its internal communications and engineering systems offline while it investigated the extent of the breach.
The publication said the malicious intruder compromised an employee’s Slack account and leveraged it to broadcast a message that the company had “suffered a data breach,” in addition to listing internal databases that are purported to have been compromised.
“It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees,” the New York Times said.
Uber has yet to offer additional details about the incident, but it appears that the hacker, believed to be an 18-year-old teenager, social-engineered the employee to get hold of their password by masquerading as a corporate IT person and used it to obtain a foothold into the internal network.
“Once on the internal network, the attackers found high privileged credentials laying on a network file share and used them to access everything, including production systems, corp EDR console, [and] Uber slack management interface,” Kevin Reed, chief information security officer at Acronis, told The Hacker News.
Update: A Threat Actor claims to have completely compromised Uber – they’ve posted screenshots of their AWS instance, HackerOne administration panel, and more.
They’re openly taunting and mocking @Uber. pic.twitter.com/Q3PzzBLsQY
— vx-underground (@vxunderground) September 16, 2022
This isn’t Uber’s first breach. It came under scrutiny for failing to properly disclose a 2016 data breach affecting 57 million riders and drivers, and ultimately paying off the hackers $100,000 to hide the breach. It became public knowledge only in late 2017.
Federal prosecutors in the U.S. have since charged its former security officer, Joe Sullivan, with an alleged attempted cover-up of the incident, stating he had “instructed his team to keep knowledge of the 2016 breach tightly controlled.” Sullivan has contested the accusations.
In December 2021, Sullivan was handed down an additional three counts of wire fraud on top of the previously filed felony obstruction and misprision charges. “Sullivan allegedly orchestrated the disbursement of a six-figure payment to two hackers in exchange for their silence about the hack,” the superseding indictment said.
It further said he “took deliberate steps to prevent individuals whose PII was stolen from discovering that the hack had occurred and took steps to conceal, deflect, and mislead the U.S. Federal Trade Commission (FTC) about the data breach.”
The latest breach also comes as the criminal case against Sullivan went to trial in the U.S. District Court in San Francisco.
“The compromise is actually larger compared to the breach in 2016,” Reed said. “Whatever data Uber keeps, the hackers most likely already have access.”