After serious breach, Uber says services are operational

Taxi service Uber said on Friday that all its services are operational after what security professionals called a major data breach. It said there was no evidence that the hacker gained access to sensitive user data.

What appeared to be a lone hacker announced the breach Thursday after apparently tricking an Uber employee into providing credentials.

Screenshots the hacker shared with security researchers indicate that this individual gained full access to the cloud-based systems where Uber stores sensitive customer and financial data.

It is not known how much data the hacker stole or how long they were in Uber’s network. Two researchers who communicated directly with the person — who identified himself as an 18-year-old to one of them — said they seemed interested in publicity. There was no indication that they had destroyed any data.

But files shared with the researchers and widely posted on Twitter and other social media indicated that the hacker had access to Uber’s most critical internal systems.

“It was really bad the access he had. It’s terrible,” said Corbin Leo, one of the researchers who chatted with the hacker online.

He said screenshots the person shared showed the intruder gained access to systems stored on Amazon and Google cloud-based servers where Uber stores source code, financial data and customer data such as driver’s licenses.

“If he had the keys to the kingdom, he could stop the services. He could erase things. He could download customer data, change people’s passwords,” said Leo, a researcher and head of business development at the security firm Zellic.

Screenshots the hacker shared — many of which made their way online — showed they had access to sensitive financial data and internal databases. Among them was one in which the hacker announced the breach of Uber’s internal Slack collaboration system.

Sam Curry, an engineer at Yuga Labs who also communicated with the hacker, said there was no indication the hacker had done any damage or was interested in more than publicity. “My feeling is that it seems like they are out to get as much attention as possible.”

Curry said he spoke to several Uber employees on Thursday who said they were “working to shut everything down internally” to restrict the hacker’s access. That included the San Francisco company’s Slack network, he said.

In a statement posted online Friday, Uber said that “internal software tools that we removed yesterday as a precaution are coming back online.”

It said all of its services — including Uber Eats and Uber Freight — were operational.

The company did not respond to questions from The Associated Press, including whether the hacker had access to customer data and whether that data was stored encrypted. The company said there was no evidence that the intruder had access to “sensitive user data,” such as travel history.

Curry and Leo said the hacker did not specify how much data was copied. Uber has not recommended any specific actions to its users, such as changing passwords.

The hacker warned investigators about the break-in on Thursday through an internal Uber account on the company’s network that is used to post vulnerabilities identified through the bug bounty program, which pays ethical hackers to detect network weaknesses.

After commenting on those messages, the hacker provided a Telegram account address. Curry and other researchers then entered into a separate conversation with them, with the intruder providing screenshots from various pages of Uber’s cloud providers to prove they had broken in.

The AP tried to contact the hacker on the Telegram account, but received no response.

Screenshots on Twitter appeared to confirm what the researchers said the hacker claimed: that they were given privileged access to Uber’s most critical systems through social engineering. In fact, the hacker discovered the password of an Uber employee. The hacker then pretended to be a colleague and bombarded the employee with text messages asking him to confirm that he was logged into his account. In the end, the employee succumbed and provided a two-factor authentication code that the hacker used to log in.

Social engineering is a popular hacking strategy because people are the weakest link in any network. Teens used it to hack Twitter in 2020, and recently it has been used in hacks of the tech companies Twilio and Cloudflare.

Uber has been hacked before.

The former chief security officer, Joseph Sullivan, is currently on trial for allegedly arranging to pay hackers $100,000 to cover up a 2016 high-tech heist that stole the personal information of approximately 57 million customers and drivers.
