Uber hacked, attacker tears through the company’s systems

2022-09-16 15:22

Someone hacked an Uber employees HackerOne account and is commenting on all of the tickets.

Nothing of this has yet been officially confirmed by Uber - the company continues to point to a terse statement on Twitter: "We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available."

According to various internal sources the attacker has been taunting the company and its employees with messages on the internal Slack workspaces and by posting replies to bug hunters who flagged vulnerabilities via the Uber's HackerOne account.

"According to reports, the attacker used social engineering to gain access to a single employee's credentials. Social engineering attacks of this nature can often remain undetected until significant damage is caused. However, in this case, the hacker revealed themselves to Uber through a Slack message, indicating they might be more interested in attention rather than large-scale damage," noted Oliver Pinson-Roxburgh, CEO of Defense.com.

"Uber's case shows how bad things can be, at least from what we know. Events escalate quickly and critical assets can be accessed without proper controls in place. Also, Uber is not out of the ongoing event. There are still mitigations they need to perform in real time. And it all comes down to the controls and measures they've put in place that will determine the outcome of this attack."

This in not the first time that Uber has been hacked and breached.

News URL

https://www.helpnetsecurity.com/2022/09/16/uber-hacked-attacker-tears-through-the-companys-systems/

#hacked #uber