Uber recently suffered a critical cyberattack, with an 18-year-old hacker allegedly downloading vulnerability reports and displaying screenshots of the enterprise’s internal systems, Slack server, and dedicated email dashboard online.
The screenshots uploaded by the hacker appeared to reveal total access to many critical IT systems belonging to Uber, including the firm’s Windows domain and security software.
A range of systems infiltrated and exposed
The systems accessed by the malicious operator also included Uber’s Amazon Web Services console, VMware virtual machines, and the admin dashboard in Google Workspace for managing the company’s email accounts.
The threat operator also breached Uber’s Slack server. The hacker then used the server to post messages to personnel stating that their employer had been hacked. However, the screenshots originating from Uber’s Slack server indicate that the announcements were initially met with jokes and memes, as staff had not realised that a legitimate cyberattack was underway.
After the screenshots were posted, Uber confirmed the cyberattack via its social media account on Twitter. It commented that it was in contact with law enforcement agencies and that it would be posting additional information as it became available.
The tweet from Uber Communications explained:
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”
A security breach reported
The Uber data breach was first reported by journalists at the New York Times. The newspaper stated that it had spoken to the hacker, who confirmed they had managed to breach Uber’s systems after successfully executing a social engineering attack on one of the company’s employees and stealing their confidential password. Once in possession of the stolen credentials, the hacker gained access to the firm’s internal systems.
Uber followed up its earlier posts on social media, commenting that while its investigation was ongoing, it had further details to share with the public.
“We have no evidence that the incident involved access to sensitive user data (like trip history). All our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational. Internal software tools that we took down as a precaution yesterday are coming back online this morning.”
Cybersecurity researchers contacted the hacker in an effort to learn more about the hit on Uber’s systems. The threat actor was questioned regarding how penetration was possible and pressed for more details on the social engineering attack that allowed the hacker to gain access. Uber’s email account system used an additional layer of security in the form of multi-factor authentication. To bypass this extra measure, the attacker allegedly employed an MFA fatigue tactic and impersonated a member of Uber’s dedicated IT support team. Under the guise of being tech support, the hacker convinced the Uber staff member to accept the dedicated MFA request.
The recent breach highlights that while advanced cybersecurity solutions such as multi-factor authentication can help keep enterprise email systems safe from hackers, the human factor remains a weak link in the chain.