Buy Bluehost Hosting at Cheap Rate Bluehost

Uber Investigating Massive Security Breach by Teen Hacker

Image for article titled Uber Investigating Massive Security Breach by Alleged Teen Hacker

Photo: Jakub Porzycki/NurPhoto (Getty Images)

Uber is investigating a breach of the company’s most sensitive data—including financial documents, internal messages, and who knows what else—by someone who told the New York Times they’re just 18 years old. The hacker posted screenshots of their alleged exploits on Telegram on Thursday and even announced the hack in Uber’s internal Slack channels that evening, leading some employees to apparently think it was a joke, according to the Washington Post.

The hacker allegedly compromised Uber’s systems by posing as someone from the company’s IT team and getting an employee’s password through text message, according to the Times, which described the hack as a “total compromise” of Uber. Screenshots of the alleged hack posted to Telegram show access to HackerOne, Amazon Web Services, vSphere, Google Workspaceand Uber financial data.

The hacker announced themselves on Thursday by posting a photo of an erect penis on internal websites with the message “FUCK YOU DUMB WANKERS,” according to Fortune magazine, although it’s still not clear how long the hacker may have had access to Uber’s data. Just because the hacker announced themselves on Thursday doesn’t mean they gained access that day.

The hacker’s message in Uber’s internal Slack channel shows people responding with emojis and makes clear why some employees must have thought it was a joke:

Hi @here

I announce that I am a hacker and Uber has suffered a data breach.

Slack has been stolen, confidential data with Confluence, stash and 2 monorepos from fabricator have also been stolen, along with secrets from sneakers.


Obviously it’s entirely possible the hacker or hackers aren’t actually just an 18-year-old doing it for the lulz, and this could be the work of a government or organized criminal organization. But if you wanted to look like an immature teen just pranking a big company, you’d definitely vandalize internal websites with a cock and say “fuck you dumb wankers.” That’s also what an authentic teen (presumably British) would say.

A spokesperson for Uber declined to comment on details of the hack overnight and would only say that they were “currently responding to a cybersecurity incident” and they were “in touch with law enforcement.” Uber said it would provide updates via its Uber Comms Twitter account, although that account has not been updated since 9:25 pm ET on Thursday.

Uber suffered a ransomware attack back in 2016, with the sensitive information of 57 million users compromised, including driver’s license information, but the company kept it a secret for more than a year. The company paid $100,000 to the hackers and fired two executives after the incident.

If it does turn out the hacker is a lone wolf not affiliated with any nation-state and just 18 years old, the hack would follow in a long tradition of teen hackers who breached sensitive areas just because they could. But if it was really that easy to social engineer a hack that opened up seemingly endless doors into Uber’s back end, you know someone who can profit will be paying attention for next time. Because when it comes to hacking, there’s always a next time. Get your shit together, Uber.

Source link

Leave a Reply

Your email address will not be published.