Uber: all computer systems could have been compromised by a hacker


Uber is said to have suffered another massive security incident, one likely far more severe than the 2016 data breach. The attack may have resulted in the deletion or corruption of access logs.

On Thursday, a hacker reportedly broke into several cloud systems used internally by Uber, namely Amazon Web Services (AWS) and Google Cloud (GCP).

“Attacker claims to have completely compromised Uber, showing screenshots where he is a full administrator on AWS and GCP,” reads a tweet from Sam Curry. “It’s a total compromise,” adds the Yuga Labs security engineer, who corresponded with the hacker.

SMS attack?

Uber has meanwhile shut down online access to its internal communications and engineering systems pending the investigation, according to the New York Times. The company’s internal messaging platform, Slack, was also taken offline.

The hacker, who claims to be 18, told the New York Times that he texted an Uber employee and successfully persuaded him to reveal a password after pretending to be a member of the company’s IT staff. The social engineering hack allowed him to break into Uber’s systems, with the hacker describing the company’s security posture as weak.

With the employee’s password, the hacker was able to break into the internal VPN, says Kevin Reed, CISO of Acronis, in a LinkedIn post. The hacker then gained access to the corporate network, found credentials on the network and used them to gain access to all systems, including production systems, the company’s endpoint detection and response (EDR) console and Uber’s Slack management interface.

History of journeys and addresses

It is unclear, however, how the hacker was able to bypass two-factor authentication after obtaining the employee’s password, notes the CISO. “It’s looking bad,” he warns, noting that it’s likely that hackers will now be able to access all the data Uber has.

Asked whether the impact was similar to or potentially greater than that of the Uber data breach in 2016, the CISO told ZDNET that this latest breach was very significant, adding that the hackers were most likely able to access this data, including journey history and addresses.

Since everything was compromised, he said there’s no way for Uber to confirm whether any data was accessed or changed, since the hackers had access to the logging systems. This means that they were able to delete or modify the access logs, explains the CISO.

The 2016 data breach

In 2016, hackers infiltrated a private GitHub repository used by software engineers at Uber and gained access to an AWS account that managed tasks performed by the ride-sharing service. They then compromised the data of 57 million Uber accounts worldwide, gaining access to names, email addresses and telephone numbers. Some 7 million drivers were also affected, in particular through their driving licenses: the information of more than 600,000 driving licenses was compromised.

It later emerged that Uber had covered up the data breach for more than a year, going so far as to pay the hackers to delete the information and withhold details of the breach. In 2018, the ride-hailing company reached an out-of-court settlement to pay $148 million.

Source: ZDNet.com




