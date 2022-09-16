Uber’s computer network was hacked Thursday, prompting the company to take several of its internal communications and engineering systems offline while it investigates the extent of the breach.
The hack appears to have damaged several Uber’s internal systems, and someone claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and the New York Times.
“They have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who spoke with the person who claimed responsibility for the breach. “That’s a complete compromise, from what it looks like.”
An Uber spokesperson said the company is investigating the breach and contacting law enforcement officials.
Two employees who were not authorized to speak publicly said Uber employees were instructed not to use the company’s internal messaging service, Slack, and found that other internal systems were inaccessible.
Shortly before Slack shut down on Thursday afternoon, Uber employees received a message that read, “I announce that I am a hacker and that Uber has had a data breach.” The message went on to list several internal databases that the hacker claimed had been compromised.
An Uber spokesperson said the hacker hacked into a Slack worker account and used it to send the message. It appears that the hacker later gained access to other internal systems, posting a scandalous photo on an employee’s internal information page.
The person who claimed responsibility for the hack told the New York Times that he sent a text message to an Uber employee claiming to be an IT employee at the company. The worker was persuaded to hand over a password that would allow the hacker to gain access to Uber’s systems, a technique known as social engineering.
“These types of social engineering attacks are increasing to gain a foothold within tech companies,” said Rachel Tobak, CEO of SocialProof Security. Ms. Tupac referred to the Twitter hack of 2020, in which Teens used social engineering to break into the company. similar social engineering techniques It has been used in recent breaches at Microsoft and Okta.
“We are seeing that the attackers are getting smarter and they are also documenting what is working,” said Ms. Tupac. “They have groups now that make it easy to spread and use these social engineering tactics. It has become almost commoditized.”
The hacker, who provided screenshots of Uber’s internal systems to prove his access, said he was 18 years old and had hacked into Uber’s systems because the company’s security was poor.
Carey said the person appeared to have access to Uber’s source code, email and other internal systems. “Looks like they might be this kid who’s got into Uber and doesn’t know what to do with it, and has a lot of time in his life,” he said.
In an internal email seen by The New York Times, an Uber executive told employees that the hack was under investigation. “We don’t have an estimate at this time on when full access to the tools will be restored, so thank you for bearing with us,” wrote Latha Maribury, Uber’s chief information security officer.
This isn’t the first time a hacker has stolen data from Uber. In 2016, hackers stole information from 57 million driver and passenger accounts, then contacted Uber and $100,000 student to delete their copy of the data. Uber arranged the payment but kept the breach a secret for more than a year.
Joe Sullivan, who was Uber’s chief security officer at the time, was fired for his role in the company’s response to the hack. Mr. Sullivan has been charged with obstruction of justice for failing to disclose the breach to regulators and is now on trial.
Mr. Sullivan’s lawyers They argued that other employees were responsible for the regulatory disclosures and said the company had made Mr. Sullivan a scapegoat.
More Stories
Mortgage rates hit 6 percent for the first time since 2008
Ethereum merger concludes at a crucial moment for the crypto market
Stock futures rise slightly ahead of a fresh batch of economic data