The giant Uber was the victim of a cyberattack, the extent of the damage of which is unknown for the moment. While the company takes stock, the hacker is fed up.
In the night from yesterday to today, Uber took his keyboard to indicate on Twitter ” currently responding to a cybersecurity incident “, so translate ” respond to a computer attack “. The VTC and meal delivery company is indeed facing a cyberattack, the scope of which it is examining. At this time, it is not known whether the data of users of its platforms has been affected. The hacker still bothered to brag about the attack, mocking the California company’s safety net in the process.
The hacker(s) would have full access to Uber
Following the attack, discovered on Thursday, Uber immediately took its communications systems, including the company’s internal messaging system, offline to learn more about the consequences of the cyberattack.
In any case, the damage seems to be significant. Our American colleagues from New York Times have been contacted by a person who may be responsible for the computer attack. In his email, he attached images of the emails, code repositories, and various information in the cloud.
If Uber, which has only communicated once on the subject for the moment, indicates that it is investigating this hack and is in contact with the police, it would seem that the hacker(s) have full access or almost. at Uber.
Shattering security and banal access to internal services thanks to social engineering
Following this attack, Uber employees were instructed not to use the company’s internal messaging service under any circumstances. The group uses the collaborative application Slack. Other internal systems were also affected, but it’s radio silence on that.
What we do know is that the hacker was able to compromise an employee’s Slack account and then use it to send a message to other employees of the company. ” I am announcing that I am a hacker and that Uber has suffered a data breach they received, along with a list of databases he may have compromised.
Initially, it was by a simple SMS sent to an employee of the group that the hacker was able to launch his work, by pretending to be a computer scientist from the company. A classic social engineering technique that worked since he managed to get himself given a password.
The hacker says he is only 18 years old and has some cybersecurity skills. He pointed to the weak security of the company and took the opportunity, in his Slack message, to demand that Uber drivers be better paid. A hacker disguised as a white knight? We are not there yet, but what is certain is that he seems to be living his best life, unlike the small computer hands of the company, overwhelmed.
Source: NY-Times
13