free counter

Uber investigating breach of its personal computers


It is a total compromise, from what it appears like.

The Uber offices in SAN FRANCISCO BAY AREA. Jim Wilson/The NY Times

By Kate Conger and Kevin Roose, NY Times Service

Uber discovered its computer network have been breached Thursday, leading the business to take many of its internal communications and engineering systems offline since it investigated the extent of the hack.

The breach seemed to have compromised a lot of Ubers internal systems, and an individual claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and THE BRAND NEW York Times.

They just about have full usage of Uber, said Sam Curry, a security engineer at Yuga Labs who corresponded with the one who claimed to lead to the breach. It is a total compromise, from what it appears like.

An Uber spokesperson said the business was investigating the breach and contacting police.

Uber employees were instructed never to utilize the companys internal messaging service, Slack, and discovered that other internal systems were inaccessible, said two employees, who have been not authorized to speak publicly.

Shortly prior to the Slack system was taken offline Thursday afternoon, Uber employees received a note that read: I announce I’m a hacker and Uber has suffered a data breach. The message continued to list several internal databases that the hacker claimed have been compromised.

The hacker compromised a workers Slack account and used it to send the message, the Uber spokesperson said. It appeared that the hacker was later in a position to access other internal systems, posting an explicit photo on an interior information page for employees.

The one who claimed responsibility for the hack told the days he had sent a text to an Uber worker claiming to become a corporate it person. The worker was persuaded at hand over a password that allowed the hacker to get usage of Ubers systems, a method referred to as social engineering.

These kinds of social engineering attacks to get a foothold within tech companies have already been increasing, said Rachel Tobac, CEO of SocialProof Security. Tobac pointed to the 2020 hack of Twitter, where teenagers used social engineering to break right into the business. Similar social engineering techniques were found in recent breaches at Microsoft and Okta.

We have been since attackers are receiving smart and in addition documenting what’s working, Tobac said. They will have kits given that make it better to deploy and use these social engineering methods. Its become almost commoditized.

The hacker, who provided screenshots of internal Uber systems to show his access, said he was 18 yrs . old and have been focusing on his cybersecurity skills for quite some time. He said he previously broken into Ubers systems as the company had weak security. In the Slack message that announced the breach, the individual also said Uber drivers should receive higher pay.

The individual appeared to get access to Uber source code, email along with other internal systems, Curry said. It looks like maybe theyre this kid who experienced Uber and doesnt know very well what related to it, and is getting the time of his life, he said.

Within an internal email that has been seen by the days, an Uber executive told employees that the hack was under investigation. We dont have an estimate at this time concerning when full usage of tools will undoubtedly be restored, so many thanks for bearing around, wrote Latha Maripuri, Ubers chief information security officer.

It had been not the 1st time a hacker had stolen data from Uber. In 2016, hackers stole information from 57 million driver and rider accounts, then approached Uber and demanded $100,000 to delete their copy of the info. Uber arranged the payment, but kept the breach secret for greater than a year.

Joe Sullivan, who was simply Ubers top security executive at that time, was fired for his role in the companys reaction to the hack. Sullivan was charged with obstructing justice for failing woefully to disclose the breach to regulators and happens to be on trial.

Lawyers for Sullivan have argued that other employees were in charge of regulatory disclosures and said the business had scapegoated Sullivan.

This short article originally appeared in THE BRAND NEW York Times.

Read More

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker