Late Thursday, September 15th Uber confirmed via several tweets that it is investigating a cybersecurity incident. A hacker has claimed to have breached its internal network and posted several screenshots and comments across the internet.
According to a New York Times and TechCrunch, who broke the news of the breach, the hacker claims to be 18 years old and was motivated to hack Uber due to “weak security.”
The hacker also reportedly told The Washington Post that he “might leak source code in a few months.” He told the Post that Uber’s security is “awful.”
Uber has stated that it is investigating the cybersecurity breach and is working with law enforcement.
The hacker reportedly used social engineering to gain access to an employee’s Slack account after persuading the employee to provide the hacker with the password.
This password was then able to allow the hacker to gain access to Uber’s internal systems.
He was then able to pivot and use highly privileged credentials on a network file share, and used those credentials to access sensitive internal production systems, and the company’s EDR portal, according to the Times.
It’s unknown at this time how the hacker was able to bypass additional security mechanisms such as two-factor authentication (2FA).
Alarmingly, the hacker is reported to have gained administrative access to Uber’s cloud services on AWS, Google Cloud, as well as its HackerOne bug bounty program account. Uber source code and customer data may have also been accessed.
Uber was hacked in 2016 when hackers stole information from 57 million driver and rider accounts and demanded $100,000 from Uber to delete the data. Uber made the payment to the hackers.
