SecurityWeek

Uber Investigating Data Breach After Hacker Claims Extensive Compromise

Uber “responding to a cybersecurity incident” after hacker claims to have breached several systems

Uber has launched an investigation after a hacker claimed to have breached many of the ride-sharing giant’s systems.

Uber has not shared any information, but it has confirmed that it’s responding to a cybersecurity incident. The company says law enforcement has been notified and it has promised to share updates on Twitter.

One individual has taken credit for the attack. He has posted several screenshots and talked to members of the cybersecurity community and the media to demonstrate his claims. Some Uber employees have also apparently confirmed that the company’s systems have been breached.

The hacker told The New York Times he is 18 years old and that he used SMS phishing to trick an Uber employee into handing over their credentials. He said he has been working on his cybersecurity skills for years.

Researcher Corben Leo reported that after obtaining the employee’s credentials, the hacker allegedly logged into the company’s VPN and scanned its intranet, where he found a network share containing PowerShell scripts. One of these scripts contained admin user credentials for a privileged access management service that enabled him to obtain ‘secrets for all services’, including cloud and identity services, the hacker said.

Vx-underground, which provides malware samples and other resources, said the hacker has posted screenshots apparently showing that he gained access to AWS instances, an internal tool showing financial information, a vSphere instance, a Google Workspace account, a cybersecurity product dashboard, and even one of Uber’s accounts on the HackerOne bug bounty platform.

HackerOne has temporarily disabled the Uber program and is assisting the company. Researcher Sam Curry reported that the hacker commented on every vulnerability report on HackerOne, claiming to have breached many of the ride-sharing company’s systems. There is some concern that the attacker downloaded reports for unpatched and undisclosed vulnerabilities.

Curry said he learned from an Uber employee that the attacker also gained access to Slack and that employees were redirected to pornographic content when trying to access websites. The hacker started writing messages on Slack, telling employees that Uber has been hacked, but some staff thought it was a joke, even after they were instructed to stop using Slack.

This is not the first time Uber has been breached. In 2016, the details of 57 million riders and drivers were taken from the company’s systems by two individuals living in the United States and Canada.

The company recently reached a settlement with federal investigators over its efforts to cover up the 2016 breach, but Uber’s then-CSO, Joe Sullivan, is facing a trial over his alleged role in the cover-up, which included paying the attackers $100,000 through its bug bounty program to destroy the stolen data and make it look like the breach had a smaller impact.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
