Uber is investigating a cyberattack in which hackers appear to have gained significant access to the company’s systems. The hacker who claims to be behind the breach says they gained access to Uber’s network through a social engineering attack on an employee.
The ride-hailing giant confirmed it was investigating a possible breach overnight, and is working with law enforcement agencies.
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.
— Uber Comms (@Uber_Comms) September 16, 2022
Its statement came after the New York Times reported that the hacker had gained access to Uber’s internal Slack messaging system and was posting messages taunting staff.
Uber cyberattack: which systems have been compromised?
According to the Times report, Uber shut down its Slack on Thursday after the hacker posted a message stating “I announce I am a hacker and Uber has suffered a data breach,” before going on to list all the systems they had compromised.
Screenshots posted online apparently show that the cybercriminal had gained access to Uber’s AWS instance, as well as the controls of its security platform HackerOne.
Update: A Threat Actor claims to have completely compromised Uber – they have posted screenshots of their AWS instance, HackerOne administration panel, and more.
They are openly taunting and mocking @Uber. pic.twitter.com/Q3PzzBLsQY
— vx-underground (@vxunderground) September 16, 2022
Other screenshots posted on Twitter seem to show an Uber account on Google’s G-Suite with over one petabyte of storage in use, as well as the company’s VMware vSphere virtual machine infrastructure.
Someone hacked an Uber employee's HackerOne account and is commenting on all of the tickets. They likely have access to all of the Uber HackerOne reports. pic.twitter.com/00j8V3kcoE
— Sam Curry (@samwcyo) September 16, 2022
Uber has not confirmed whether any customer or driver data has been affected by the breach. Tech Monitor has contacted the company to request further information.
How did the Uber breach happen?
It is thought the hacker tricked an Uber employee into handing over login details by pretending to be a member of the company’s IT team. Screenshots from Telegram appear to show the hacker boasting they had been able to connect to Uber’s VPN using the stolen credentials and scour the company’s internal systems.
Uber was hacked.
The hacker social engineered an employee -> logged into the VPN and scanned their intranet. 👇
— Corben Leo (@hacker_) September 16, 2022
Social engineering is a common method used by criminals to gain access to networks, particularly since the Covid-19 pandemic and the rise of remote working. Techniques include bogus phishing emails, as well as more sophisticated methods such as deepfake video and audio, which are used to trick companies into handing over confidential information.