The moments of tension Uber often involve protests from drivers or complaints from passengers. But on Thursday (15), it was different. The company was attacked hacker. The incident exposed security, email and internal communication systems, for example. Apparently, the action was carried out by an 18-year-old.
Uber’s app operations were not affected. In addition, there is, so far, no evidence that user data was compromised in the attack. However, the incident has caused inconvenience to the company.
Shortly after the attack, the attacker released several screenshots that show Uber’s internal systems, some of which are critical. The company’s AWS account console, VMware ESXi virtual machines, and a Google Workspace email dashboard are some examples.
As a result, several internal services were disabled, some by the attacker, others by Uber itself. Among those that have been disabled by the company is the Slack corporate messaging service. It was there that the hacker announced the invasion.
“I announce that I am a hacker”
Shortly after the attack was carried out, the attacker posted a message on Uber’s internal Slack that read: “I announce that I am a hacker and that Uber has suffered a data breach.”
The screenshot of this message shows that the company’s employees reacted with various emojis. That’s because, initially, they thought it was all a joke, reports the Washington Post.
To New York Times, the hacker who claimed the attack said he sent a message to an Uber employee claiming to be from the company’s IT team. The attacker then used arguments to convince the employee to reveal his password. That’s when the damage began.
The hacker also told the newspaper that he was 18 years old and that he carried out the attack simply because Uber has weak security. However, in the message posted on Slack, the attacker posted a hashtag suggesting that the company does not pay drivers on the platform well. This implied that the action was also a form of protest.
Attack is more serious than it looks
Uber didn’t take long to recognize the invasion. via Twitterthe company posted the following message:
We are currently dealing with a cybersecurity incident. We are in contact with the authorities and will post additional information as it becomes available.
There are plenty of reasons for the company to be concerned. If, for now, the attack appears to be just a prank by a young man, on the other hand, the later consequences can be very serious.
Reason: The attacker said he had access to Uber’s source code and that he could leak it within a few months. To make matters worse, security expert Sam Curry told BleepingComputer that the hacker also had access to HackerOne’s system.
HackerOne is a program that rewards participants who report bugs in Uber’s systems or apps. For obvious reasons, these reports should be kept confidential until their respective vulnerabilities are fixed.
If the attacker actually had access to them, the company could face other security issues in the near future.
https://tecnoblog.net/noticias/2022/09/16/uber-sofre-invasao-e-funcionarios-acharam-que-aviso-do-hacker-era-piada/