Uber headquarters in San Francisco (GETTY IMAGES NORTH AMERICA/AFP/JUSTIN SULLIVAN)
A hack at Uber, claimed by a young adult, sent its stock on Wall Street plummeting on Friday and prompted cybersecurity experts to recall how poorly protected many large companies are.
“We have no evidence that the incident has compromised sensitive user data,” said the vehicle reservation platform with driver (VTC) on Friday, adding that all of its services and its mobile application were “operational”.
Uber reported a “cybersecurity incident” on Thursday evening, saying it was “in contact with the authorities” about it.
Around 7:00 p.m. GMT on Friday, the Uber title lost 3.41% to 32 dollars, after dropping up to 6.79%.
According to the New York Times, a young hacker who says he is 18 obtained access codes to Uber’s internal network by posing as a member of the technical team to an employee, and thus to the intranet, source code as well as emails, according to the daily, which received screenshots from the hacker in support of its assertions.
Several cybersecurity specialists also said they had been in contact with the one who presented himself as the hacker.
– “Fed up” –
It was able to determine a valid username and password, said Graham Cluley, a cybersecurity analyst, in a blog post on Friday.
Then, the hacker “says he simply (…) bombarded an employee with multi-factor authentication requests”, until the person gave in and gave him access out of “fed up”.
Asked by AFP, Uber did not give more details than on Twitter.
“People are often the weak link”, recalled Ray Kelly, of Synopsys Software Integrity Group, a Californian IT infrastructure company, “groups spend a lot of money on hardware and security tools, but employees are not not sufficiently trained”.
On average, American companies suffer 42 cyberattacks per year, of which 3 are successful, according to the specialized company Keeper Security.
– Trial of former security director –
The incident comes as the trial takes place this week in San Francisco against former Uber IT security chief Joe Sullivan, accused of covering up a 2016 computer attack that allowed hackers to get their hands on the personal data of around 57 million platform users.
According to the indictment, Joe Sullivan, who was fired in November 2017, also arranged for the payment of a $100,000 ransom to the hackers behind the attack.
The case was not revealed until a year later, Uber then reaching an amicable agreement with the prosecutors of 50 American states, including 148 million dollars in compensation, in total, for having delayed in revealing the attack to the regulator as well as the general public.
Identified by US authorities, the two hackers behind the cyberattack were arrested and pleaded guilty to extortion before a federal judge in California in 2019. Their sentence has not yet been pronounced.
The trial of Joe Sullivan is considered a test of the vision that American justice has of the responsibilities and obligations of cybersecurity specialists within companies.
© 2022 AFP
Did you like this article ? Share it with your friends with the buttons below.
