An 18-year-old hacker has taken responsibility for hacking Uber and Dubbedthe details are not looking good for the rideshare company.
This Tweet is currently unavailable. It might be loading or has been removed.
On Thursday night, Uber announced that it had suffered a "cybersecurity incident" and that it was working with law enforcement on the issue. A reportin the New York Timesdetailed the "incident" as a data breach that had taken many of Uber's internal systems offline. As many more details have leaked from Uber employees, however, we now know much more about what happened.
SEE ALSO: 5 damning revelations from the Uber FilesSo, how did it go down? An 18-year-old hacker deployed basic social engineering techniques targeting an Uber employee. The hacker told the New York Timesthat he simply posed as an IT worker from corporate in a text message and was able to convince the employee to send over a password that gave him access.
"This is yet another example of what attack after attack has shown: social engineering is the predominant way that companies fall victim to breaches, and adversaries know it works," said Josh Yavor, chief information security officer for the cloud security company Tessian, in a statement to Mashable. "We keep seeing the same tactics play out regardless of the adversary or victim: adversaries know that people can be tricked into giving up their passwords."
On top of the simplicity of the hack, there's another incredible facet to this breach: Uber didn't know it was hacked until the teen hacker announcedhimself in the company's Slack channel.
This Tweet is currently unavailable. It might be loading or has been removed.
"Hi @here," the hacker's message began. "I announce i am a hacker and uber has suffered a data breach."
The hacker proceeded to run down some of the company's internal systems that were compromised, like Slack for example, and ended his message by calling out Uber for underpaying its drivers.
Uber employees, at first, thought the whole thing was a joke.
Sam Curry, a staff engineer at Yuga Labs, the company behind the Bored Ape Yacht Club NFT project, sharedadditional information about the hack which he says he received from a contact at Uber.
According to Curry's source, Uber's domain admin, Amazon Web Services admin, and GSuite were among some of the company accounts that were compromised. Screenshots, allegedly from the hacker, quickly spread showing his access to these services.
This Tweet is currently unavailable. It might be loading or has been removed.
"Anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message “F*** you wankers,” explained Curry's Uber source.
Uber also quickly warned its employees to stay away from Slack, but according to Curry's contact, many people in the company kept logging back on to check out everyone's joke responses.
This Tweet is currently unavailable. It might be loading or has been removed.
In its report on the hack, The Verge highlighted a Twitter thread from security researcher Corben Leo who got a bit technical with how the hacker was able to gain access to so many internal systems. Basically, once the employee sent his password to the teen, the young hacker was able to access the company VPN, scan the intranet, and find Powershell scripts containing credentials for multiple services.
This Tweet is currently unavailable. It might be loading or has been removed.
"Gaining entry to private data inside VPNs needs to be difficult and behind strict protections," explained Jack Moore, global cyber security advisor at cybersecurity company ESET, in a statement provided to Mashable. "Using a simple SMS as a vehicle to hack into their systems now leaves Uber with a lot of questions about how much data was compromised via such an easy method.”
Moore said that the attack should "highlight once again the importance of training staff to remain eagle eyed and with the ability to spot targeted phishing attempts and double check before handing over any sort of credentials."
This isn't the first time Uber has been hacked. Back in 2016, a 20-year-old was responsible for a security breachthat affected 57 million Uber customers around the world. This time time around, however, Uber says that sensitive user data wasn't compromised.
Topics Cybersecurity Uber
Previous:Momentive’s Hundred Days
Next:Faux-Pas at MOMA
A Low, Dishonest Decade
Staff Picks: Barbie's Dream House, All the Single Ladies by The Paris Review
Posters from the Paris Protests, 1968 by Atelier Populaire
Three Events with Our Editors by The Paris Review
The Deal of the Art
Assault on the Minibar by Dubravka Ugresic
Win Tickets to BAM’s Artist Talk! by Sadie Stein
From the Cloakroom, at the Booker by Jonathan Gharraie
Twilight of the Racist Uncles
Assault on the Minibar by Dubravka Ugresic
Mariah Carey Has a Cold
Abstracts by Scott Treleaven
The Driftwood Remains: My Search for A Bankable Title by Shalom Auslander
Cycling; Second
Stalking the Story
At the Hotel Roquefort by James Jones
Posters from the Paris Protests, 1968 by Atelier Populaire
Congratulations to Tomas Tranströmer by Lorin Stein
Trump’s Family Leave Shell Game
Posters from the Paris Protests, 1968 by Atelier Populaire
This nice young man informed a grandma she was filming herself by accident and it's gone viralSupreme Court declines to hear appeal in Samsung vs Apple patent caseThanksgiving turkey tips from the experts at Butterball's Talk LineAmazon celebrates Alexa's third birthday with these November 6 dealsHere's the best and fastest way to open the app switcher on iPhone XNutella quietly changes its beloved recipeGood news: The iPhone X won't bend in your super skinny jeansAsia Argento shares list of 100+ Harvey Weinstein accusersWhy would Disney want to buy a big chunk of 21st Century Fox? Netflix.Kevin Spacey accused of sexual misconduct by Richard Dreyfuss' sonA new iPhone patent shows Apple is considering a hand tracking featureWatch as this oil painting loses 200Indonesia wanted to block WhatsApp because people are sending 'obscene GIFs'Here's what Android looked like a decade agoHere's what it's like to have climate change affect your island home'Stranger Things' almost killed off ElevenRyan Reynolds wonders what a Disney 'Deadpool' would look like, gets glorious responseTiffany & Co. is selling a $9,000 ball of yarn and everything is ridiculousHere's what it's like to have climate change affect your island homeSamsung hid a savage easter egg in its latest anti Hey Radiohead, please tell us what this mysterious video means Teen cashes in on the perfect revenge after being dumped by prom date Money saving tips from Alexa von Tobel, Ann Shoket and more Your weekend hate read is this ridiculously dumb New York Times op 'Wonder Woman' gets her name in a new TV spot Lost kitten finally found hanging out in tissue box Twitter news video will appear 24/7, thanks to Bloomberg Yes, this Mets score is real If you want to find real love, find yourself someone who loves HGTV The internet is having trouble feeling sorry for the folks at Fyre Festival Selena Gomez reacts to huge '13 Reasons Why' reception, teases Season 2 Scoreboard proposal at Fenway Park goes painfully wrong Someone created a dumpling burger hybrid and we, as a species, must be stopped The Gabby Douglas #Shero doll is the Barbie we desperately need It's the end of the line for Yik Yak Amazon wants to make Alexa sound like your human friends Ellen celebrates 20th anniversary of her 'coming out' episode with Oprah Slick magician takes the thumb trick to the next scary level Some users say their Samsung Galaxy S8 keeps restarting for no reason Boom Jets could land in Dubai after an executive pitch