Uber confirmed it's coping with a “cybersecurity incident” after a teenage hacker reportedly breached the ride-sharing big’s inner techniques and started taunting staff with express messages and pictures.
The hacker who took accountability reportedly claims to be simply 18 years outdated, and gained entry to the ride-sharing big’s inner networks by pretending to be an IT employee and asking for an unnamed Uber worker’s password.
The alleged hacker disclosed the information breach in messages to the New York Instances and cybersecurity researchers, the outlet reported. Uber workers discovered that techniques had been compromised after the hacker posted a brazen message on the corporate’s Slack messaging platform.
“I announce I'm a hacker and Uber has suffered a knowledge breach,” the message stated. The hacker additionally reportedly posted that Uber drivers ought to be “higher compensated for his or her work.”
The hacker appeared to have gained full management of Uber’s techniques, safety engineer Sam Curry of Yuga Labs advised the New York Instances.
“They beautiful a lot have full entry to Uber,” Curry stated. “It is a whole compromise, from what it appears to be like like.”
The hacker purportedly taunted Uber workers by sharing on firm platforms. One worker advised Fortune that the hacker posted a photograph of an erect penis and the message “F— YOU DUMB WANKERS.”
The hacker advised the New York Instances that he determined to breach Uber’s techniques as a result of the corporate has weak cybersecurity measures in place.
Uber was compelled to take a number of of its inner platforms offline after studying of the in depth knowledge breach.
“We're presently responding to a cybersecurity incident,” Uber stated in a press release. “We're in contact with regulation enforcement and can put up further updates right here as they change into obtainable.”
The alleged hacker posted screenshots presupposed to be from Uber’s inner techniques to Telegram and the pictures unfold rapidly to Twitter.
The screenshots included photographs of an Amazon Internet Providers web page, a HackerOne cybersecurity platform, the dashboard for Uber’s Slack account and what gave the impression to be a web page displaying monetary info, amongst others.
Uber CEO Dara Khosrowshahi had no remark. When requested by The Put up for additional touch upon the scenario, an Uber spokesperson pointed to the corporate’s quick assertion on Twitter.
Kevin Reed, the chief info safety officer at Acronis, stated the hacker possible discovered “excessive privileged credentials laying on a community file share and used them to entry every thing.”
“What’s worse is when you had your knowledge in Uber, there’s excessive probability so many individuals have entry to it. Say, in the event that they know your e mail, they could then know the place do you reside,” Reed wrote on LinkedIn.
“This specific attacker might not have exfiltrated the information, however there is no such thing as a method of figuring out it and the entire story makes me pondering Uber was compromised by different, much less loud events.”
Post a Comment