A teen hacker, reportedly 18 years old, has taken responsibility for hacking Uber and the ride-sharing company is not in a good situation.
Thursday night, Uber officially announced that it has come across a cybersecurity incident and that it was working with law enforcement agencies on the issue. A report in the New York Times details the incident as a data breach that had taken many internal systems of Uber offline.
Although Uber has not disclosed anything beyond saying that it was responding to it, we know more about the incident.
What did the hacker do with Uber?
The teen hacker claimed to have gained access to the internal networks at Uber using credentials obtained from an employee. The hacker used that access to move across Uber’s internal domain to other critical systems. It is reported that the teen hacker got access to critical systems, such as email, code repository environments, and cloud storage.
But how did all of this go down? So basically, the hacker deployed basic social engineering techniques to target an Uber employee. The hacker simply posed as an IT worker from corporate with the help of a text message. Moreover, he was able to convince Uber’s employee to send over a password through which he gained access.
What is social engineering?
Social engineering is a technique or rather a manipulative technique that exploits human error to get access to private information or valuables. Cyber attackers tend to lure unsuspecting users into disclosing data or giving access to restricted systems.
Social engineering is one of the most prominent ways that companies fall victim to security intrusions and adversaries.
How did Uber get to know about the incident?
One of the interesting facts about this incident is that Uber did not know it was targeted until the hacker announced it in the company’s Slack channel. So the teen hacker messaged;
“Hi @here. I announce I am a hacker and Uber has suffered a data breach.”
He further added, “Slack has been stolen, confidential data with Confluence, stash and 2 monorepos from phabricator have also been stolen, along with secrets from sneakers.”
The teen hacker proceeded to call out Uber for underpaying its drivers. Employees at Uber, at first, thought that the whole thing was a joke until they came to know that some systems went offline.
What’s more interesting is that Uber quickly warned its employees to not use Slack for some time, according to Sam curry, but many people kept logging into their Slack accounts to check out everyone’s joke responses. Instead of following Uber’s guidelines, a good portion of the staff was interacting and mocking the hacker thinking someone was playing a joke.
Questions raised on Uber’s cybersecurity systems
A lot of questions have already been raised about Uber’s cybersecurity systems after the hacker used a simple SMS as a vehicle to get access to their systems. It now leaves Uber with a lot of questions, including how much data has been compromised through such an easy method.
This is not the first time Uber has been targeted by a hacker. In 2016, a 20-year-old man made Uber a victim of a security breach that affected nearly 57 million Uber customers across the globe. Moreover, after every cyber attack, Uber comes with a statement that “sensitive user data has not been compromised.”
What can we learn through this?
Well, we don’t usually have such complex systems in our homes like corporates, but it also teaches us something. It is important that we keep our systems installed and upgraded with the latest internet security and cyber security tools. These tools might cost a few dollars, but bring your network and devices under a safety shield.
If you want to take a step towards your safety and security, reach out to TTB Internet Security.