Uber investigates ‘cybersecurity incident’ after reports of …

Uber on Thursday said it is investigating a cybersecurity incident following reports that the ride-hailing company had been hacked.

“We’re currently responding to a cybersecurity incident,” Uber said in a statement on Twitter. “We’re in touch with law enforcement and will post additional updates here as they become available.”

A hacker gained control over Uber’s internal systems after compromising the Slack account of an employee, according to the New York Times, which says it communicated with the attacker directly. Slack, a workplace messaging service, is used by many tech companies and startups for everyday communications. Uber has now disabled its Slack, according to multiple reports.

Shares of Uber declined 5% Friday on news of the hack.

After compromising Uber’s internal Slack in a so-called social engineering attack, the hacker then went on to access other internal databases, the Times reported. In one Slack message, the hacker is said to have written: “I announce I’m a hacker and Uber has suffered a data breach.”

A separate report, from the Washington Post, said the alleged attacker told the newspaper they’d breached Uber for fun and may leak the company’s source code in a matter of months.

Uber said it is “currently responding to a cybersecurity incident” after reports that a hacker compromised its systems.

Rafael Henrique | SOPA Images | LightRocket | Getty Images

Employees initially thought the attack to be a joke and responded to Slack messages from the alleged hacker with emojis and GIFs, the Post reported, citing two people familiar with the matter.

Screenshots shared on Twitter suggest the hacker also managed to take over Uber’s Amazon Web Services and Google Cloud accounts, and gained access to internal financial data.

CNBC was unable to independently verify the information. Uber declined to comment beyond its statement posted on Twitter.

While it isn’t entirely clear yet how Uber’s systems were compromised, cybersecurity researchers said initial reports indicate the hacker eschewed sophisticated hacking techniques in favor of social engineering. This is where criminals prey on people’s credulity and inexperience to gain entry to corporate accounts and sensitive data.

“It is a pretty low-bar to entry attack,” said Ian McShane, vice president of strategy at cybersecurity firm Arctic Wolf. “Given the access they claim to have gained, I am stunned the attacker did not try to ransom or extort, it looks as if they did it ‘for the lulz’.”

“It is proof once again that often the weakest link in your security defenses is the human,” McShane added.

Sam Curry, a self-described “bug bounty hunter,” said he’d been in touch with the alleged Uber hacker and claimed that the employee targeted was involved in incident response. Curry said this means the hacker likely had “elevated access to begin with.” Bug bounties are rewards offered by companies to hackers for the discovery of software vulnerabilities.

“From my understanding, the attacker had keys to the kingdom after obtaining an internal document with credentials to almost everything,” he added. Curry works for crypto startup Yuga Labs as a security engineer and says he spoke with the hacker via Telegram, an instant messaging platform.

News of the attack comes as Uber’s former security chief, Joe Sullivan, is standing trial over a 2016 breach in which the records of 57 million users and drivers were stolen. In 2017, the company admitted to concealing the attack and, the following year, paid $148 million in a settlement with 50 U.S. states and Washington, D.C.

Uber has attempted to clean up its image in the wake of the exit of Travis Kalanick in 2017, the controversial former CEO who founded the company in 2009. But scandals and controversies from Kalanick’s tumultuous tenure continue to haunt the firm.

In July, The Guardian reported on the leak of thousands of documents which detailed how Uber pushed into cities around the world, even if it meant breaking local laws. In one instance, former CEO Travis Kalanick said that “violence guarantees success” after being confronted by other executives about concerns for the safety of Uber drivers sent to a protest in France.

In response to The Guardian’s reporting at the time, Uber said the events were related to “past behavior” and “not in line with our present values.”
