Uber has been hacked in an assault that seems to have breached the ride-hailing firm’s inner techniques.
The California-based firm confirmed it was responding to a “cybersecurity incident”, after the New York Occasions reported that a hack had accessed the corporate’s community and compelled it to take a number of inner communications and engineering techniques offline. The hacker claimed to be 18 years outdated, in keeping with the report.
Uber confirmed that there are not any points with the corporate’s service, which operates in additional than 10,000 cities world wide.
We're presently responding to a cybersecurity incident. We're in contact with regulation enforcement and can submit further updates right here as they turn into accessible.
A hacker compromised the worker office messaging app Slack and used it to ship a message to Uber workers asserting that it had suffered a knowledge breach.
Sam Curry, a senior engineer at non-fungible token creator Yuga Labs, mentioned he was contacted by the Uber hacker on the HackerOne platform and had been proven “very convincing” screenshots of full administrative entry to Uber’s cloud providers.
“From my understanding, the attacker had keys to the dominion after acquiring an inner file with credentials to almost every thing,” Curry advised the Guardian. He added: “Based mostly on the screenshots and my understanding of the hack, they doubtless had entry to learn/modify the cloud providers which run Uber and retailer person info.”
The corporate has been hacked earlier than. Its former chief safety officer, Joseph Sullivan, is on trial on allegations he organized to pay hackers $100,000 as a part of an try and cowl up a 2016 assault during which the non-public info of about 57 million clients and drivers was stolen.
Alan Woodward, a professor of cybersecurity at Surrey College, mentioned: “Because the hacker does seem to have such high-level entry it’s additionally going to be tough for Uber to know they've managed to take away the hacker from the community. It might imply a significant rebuild of their techniques, which can trigger severe disruption.”
It appeared the hacker was in a position to achieve entry to different inner firm techniques, posting an express photograph on an inner info web page for workers, in keeping with the New York Occasions. “We're in contact with regulation enforcement and can submit further updates right here as they turn into accessible,” Uber mentioned within the tweet confirming the assault.
The Slack system was taken offline on Thursday afternoon by Uber after workers obtained the message from the hacker.
“I announce I'm a hacker and Uber has suffered a knowledge breach,” the message learn, happening to checklist a number of inner databases that had been claimed to be compromised, the report added.
The New York Occasions reported that the one that claimed duty for the hack mentioned they gained entry by social engineering, a time period for tricking an worker into granting entry.
The hacker despatched a textual content message to an Uber employee claiming to be an organization tech worker and persuaded the employee handy over a password that gave them entry to the community. The hacker, who had supplied a Telegram account deal with, mentioned they broke in as a result of the corporate had weak safety, in keeping with the report.
Employees on the firm had been instructed to not use Slack. Different inner techniques, too, had been reportedly inaccessible.
Post a Comment