The computer network of Uber was compromised.
Following the compromising of several internal communications and engineering systems, the ride-hailing business declared that it was conducting an investigation.
After the hacker gave screenshots of emails, cloud storage, and code repositories to the media, the New York Times was the first to publish the intrusion.
According to a story that used two employees, Uber employees were instructed not to use the business chat tool Slack.
Uber staff members got a message that said, “I proclaim I am a hacker and Uber has suffered a data breach,” just before the Slack system was shut down.
An explicit photo was posted on an internal information page for staff, suggesting that the hacker was later able to access additional internal systems.
Uber claimed to be in contact with law enforcement regarding the hack.
Bug bounty hunters
Uber subscribes to HackerOne, a California-based platform for bug rewards. Many large companies utilize bug bounty programs, which essentially pay ethical hackers to find bugs.
The Uber hacker spoke with one of the bug bounty hunters, Sam Curry. He commented, “It seems like they’ve compromised a lot of things.
Several Uber employees, according to Mr. Curry, who spoke with him, indicated they were “trying to lock down everything internally” to limit the hacker’s access.
He said there was no indication that the hacker had done any damage or was interested in anything more than publicity.
Chris Evans, chief hacking officer for HackerOne, told the BBC: “We’re in close contact with Uber’s security team, have locked their data down, and will continue to assist with their investigation.”
Who is responsible?
The BBC has seen texts from someone claiming to have numerous Uber admin accounts.
The hacker, who according to The New York Times, is 18 years old, has been honing his cyber-security abilities for several years, and broke into the Uber servers because “their protection was lax.”
The individual also advocated for increased pay for Uber drivers in the Slack message announcing the breach.
The saying goes in cyber-security that “humans are the weakest link”, and once again this hack shows that it was an employee being fooled that let the criminals in.
Although the saying is true, it’s also extremely unkind.
The fuller picture emerging here shows that this hacker was highly skilled and highly motivated.
As we saw with recent breaches of Okta, Microsoft, and Twitter, young hackers with plenty of time on their hands and a devil-may-care attitude can persuade even the most careful employees into making cyber-security mistakes.
This form of hacking through social engineering is even older than computers themselves – just ask infamous former hacker Kevin Mitnick, who was sweet-talking his way around telephone networks back in the 70s.
The difference today is that hackers can combine the gift of the gab with very sophisticated and easy-to-use software to make their job even easier.
Read more Business News , Today Politics Headline , Today Finace News Update ,Latest Social News Update , World Highlight , Entertainment Latest News , Today Sports News Update , Latest Education Update , Real Estate Today Update