Security News > 2022 > September > UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you
As we all know, there are many ways that attackers with time, patience and the gift of the gab can persuade even a well-informed and well-meaning user to help them bypass the security processes that are supposed to keep them out.
Typically, attackers will deliberately look for and use known security vulnerabilities internally, even though they couldn't find a way to exploit them from the outside because the defenders had taken the trouble to protect against them at the network perimeter.
Apparently, even though the hacker started off as a regular user, and therefore had access only to selected parts of the courtyard, and no access to the castle's keep at all.
We're not sure just how broadly the hacker was able to roam once they'd prised open the PAM database, but Twitter postings from numerous sources suggest that the attacker was able to penetrate much of Uber's IT infrastructure.
Using well-chosen passwords stops crooks guessing their way in, and 2FA security based on one-time codes or hardware access tokens make things harder, often much harder, for attackers.
Zero-trust network access products don't work like traditional network security tools such as VPNs. A VPN generally provides a secure way for someone outside the castle to get general admission to the whole courtyard area, after which they often enjoy much more freedom than they really need, allowing them to roam, snoop and poke around looking for the keys to the rest of the castle.