The hacker then bombarded the employee with push notifications asking they confirm a remote log-in to their account. The hacker first obtained the password of an Uber employee, likely through phishing. Screenshots posted online appeared to confirm what the researchers said the hacker claimed: That they obtained privileged access to Uber's most critical systems through social engineering. The AP attempted to contact the hacker at the Telegram account, but received no response. Curry and other researchers then engaged them in a separate conversation, where the intruder provided the screenshots as proof. The hacker alerted the researchers to the intrusion Thursday by using an internal Uber account on the company's network used to post vulnerabilities identified through its bug-bounty program, which pays ethical hackers to ferret out network weaknesses.Īfter commenting on those posts, the hacker provided a Telegram account address. Uber did not recommend any specific actions for its users, such as changing passwords. Uber said there was no evidence that the intruder accessed "sensitive user data" such as trip history but did not respond to questions from The Associated Press including about whether data was stored encrypted.Ĭurry and Leo said the hacker did not indicate how much data was copied. The FBI said via email that it is "aware of the cyber incident involving Uber, and our assistance to the company is ongoing." It said all its services - including Uber Eats and Uber Freight - were operational and that it had notified law enforcement. In a statement posted online Friday, Uber said "internal software tools that we took down as a precaution yesterday are coming back online." That included the San Francisco company's Slack network, he said. "It's pretty clear he's a young hacker because he wants what 99% of what young hackers want, which is fame," Leo said.Ĭurry said he spoke to several Uber employees Thursday who said they were "working to lock down everything internally" to restrict the hacker's access. Leo, along with Sam Curry, an engineer with Yuga Labs who also communicated with the hacker, said there was no indication that the hacker had done any damage or was interested in anything more than publicity. Also widely circulating online: The hacker announcing the breach Thursday on Uber's internal Slack collaboration system. Screenshots the hacker shared - many of which found their way online - showed sensitive financial data and internal databases accessed. He could download customer data, change people's passwords," said Leo, a researcher and head of business development at the security company Zellic. "If he had keys to the kingdom he could start stopping services. Leo said screenshots the hacker shared showed the intruder got access to systems stored on Amazon and Google cloud-based servers where Uber keeps source code, financial data and customer data such as driver's licenses. The hack "wasn't sophisticated or complicated and clearly hinged on multiple big systemic security culture and engineering failures," tweeted Lesley Carhart, incident response director of Dragos Inc., which specializes in an industrial-control systems. The cybersecurity community's online reaction - Uber also suffered a serious 2016 breach - was harsh. It's awful," said Corbin Leo, one of the researchers who chatted with the hacker online. There was no indication they destroyed data.īut files shared with the researchers and posted widely on Twitter and other social media indicated the hacker was able to access Uber's most crucial internal systems. Two researchers who communicated directly with the person - who self-identified as an 18-year-old to one of them - said they appeared interested in publicity. It is not known how much data the hacker stole or how long they were inside Uber's network. The potential damage was serious: Screenshots the hacker shared with security researchers indicate they obtained full access to the cloud-based systems where Uber stores sensitive customer and financial data. They were then able to locate passwords on the network that got them the level of privileged access reserved for system administrators. The ride-hailing service Uber said Friday that all its services were operational following what security professionals are calling a major data breach, claiming there was no evidence the hacker got access to sensitive user data.īut the breach, apparently by a lone hacker, put the spotlight on an increasingly effective break-in routine involving social engineering: The hacker apparently gained access posing as a colleague, tricking an Uber employee into surrendering their credentials.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |