Uber security breach: Following what security experts are calling a significant data breach, the ride-hailing company Uber claimed on Friday that all of its services were operating and that there was no proof that the hacker had gained access to private user information.
The intrusion, which was probably the work of a lone hacker, brought attention to a social engineering-based hacking technique that is becoming more and more successful: By pretending to be a colleague, the hacker managed to mislead an Uber employee into giving out their login information.
Then, they discovered credentials on the network that gave them the kind of privileged access only system administrators were granted.
The potential harm was significant: According to screenshots the hacker provided to security researchers, they were given full access to the cloud-based platforms that Uber uses to store confidential consumer and financial information.
What happened when it got hacked?
The extent and duration of the hacker’s access to Uber’s network are unknown. Two researchers who spoke with the person directly said the hacker was keen on notoriety and had self-identified as an 18-year-old to one of them. There was no sign that they deleted any material.
However, documents given to the researchers and extensively disseminated on Twitter and other social media revealed the hacker had access to Uber’s most important internal systems.
“The access he had was pretty poor. It’s terrible,” remarked Corbin Leo, one of the researchers who had an online conversation with the hacker.
Because Uber had also experienced a significant hack in 2016, the online cybersecurity community’s response was negative.
Lesley Carhart, incident response director of Dragos Inc., a company that specialises in industrial-control systems, tweeted that the breach “wasn’t complex or complicated and clearly hinged on numerous significant systemic security culture and engineering failings.”
Leo claimed that screenshots provided by the hacker demonstrated that the intruder gained access to systems kept on Google and Amazon cloud-based servers, where Uber stores its source code, financial information, and user information including driver’s licences.
“He might begin halting services if he possessed the kingdom’s keys. He could remove things. He could change passwords and download customer information,” said Leo, a researcher and head of business development at the company Zellic.
Uber security breach: Screenshots
The hacker sent screenshots, many of which were posted online, showing the access to internal systems and critical financial information. Also widely circulated online was the hacker’s disclosure of the intrusion on Uber’s internal Slack communication platform on Thursday.
There was no evidence, according to Leo and Sam Curry, an engineer with Yuga Labs who also spoke with the hacker, that the hacker had caused any harm or had interests beyond publicity.
“He wants popularity, which is what 99% of young hackers desire, so it’s quite obvious that he’s a young hacker,” Leo added.
According to Curry, several Uber employees he spoke with on Thursday said they were “trying to lock down everything internally” to limit the hacker’s access. That included the Slack network of the San Francisco-based business, he said.
“Internal software tools that we took down as a precaution yesterday are coming back up,” Uber said in a statement published online on Friday.
According to the statement, all of its services, including Uber Eats and Uber Freight, are operating as normal, and law enforcement has been alerted. The FBI acknowledged the Uber cyber incident in an email and stated that it is still providing help to the business.
Uber denied that “important user data” including trip histories had been obtained by an intruder, but it did not respond to questions from The Associated Press regarding whether the data was encrypted or not.
Curry and Leo said that the hacker did not specify the quantity of data copied. Uber did not advise its users to take any particular action, such as changing passwords.
The hacker alerted the researchers to the intrusion Thursday by using an internal Uber account on the company’s network used to post vulnerabilities identified through its bug-bounty program, which pays ethical hackers to ferret out network weaknesses.
After commenting on those posts, the hacker provided a Telegram account address. Curry and other researchers then engaged them in a separate conversation, where the intruder provided the screenshots as proof.
The AP attempted to contact the hacker at the Telegram account, but received no response.
Screenshots posted online appeared to confirm what the researchers said the hacker claimed: that they obtained privileged access to Uber’s most critical systems through social engineering.
Uber security breach: The apparent scenario:
The hacker probably used phishing to first steal the password of an Uber employee. The employee was subsequently inundated with push alerts from the hacker asking them to confirm a remote log-in to their account. When the employee didn’t reply, the hacker used WhatsApp to get in touch, assuming the identity of another employee from the IT department and expressing urgency. The employee finally gave in and confirmed with a mouse click.
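One way a defender could spot the flood of push alerts described above, as an added example that is not from the original article or from Uber. The log format, event names, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed count of ignored prompts that makes a flood
IGNORED = {"push_denied", "push_timeout"}
# Constructed sample log in a hypothetical format: timestamp user source_ip result
SAMPLE_LOG = """\
2024-01-10T21:40:02 bob 198.51.100.7 push_timeout
2024-01-10T21:40:40 bob 198.51.100.7 push_approved
2024-01-10T22:01:05 alice 203.0.113.50 push_timeout
2024-01-10T22:01:41 alice 203.0.113.50 push_timeout
2024-01-10T22:02:10 alice 203.0.113.50 push_denied
2024-01-10T22:02:55 alice 203.0.113.50 push_timeout
2024-01-10T22:03:30 alice 203.0.113.50 push_timeout
2024-01-10T22:09:12 alice 203.0.113.50 push_approved
2024-01-10T23:30:00 carol 192.0.2.9 push_timeout
"""

def detect_push_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for prompt floods and for approvals that follow a flood."""
    recent = defaultdict(deque)  # user -> timestamps of ignored prompts
    flagged = set()              # users already reported for the current flood
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, ip, result = line.split()
        ts = datetime.fromisoformat(stamp)
        q = recent[user]
        while q and ts - q[0] > window:  # forget prompts older than the window
            q.popleft()
        if not q:
            flagged.discard(user)
        if result in IGNORED:
            q.append(ts)
            if len(q) >= threshold and user not in flagged:
                flagged.add(user)
                alerts.append(("PUSH_FLOOD", user, ip, stamp))
        elif result == "push_approved":
            if len(q) >= threshold:  # the employee gave in after a flood
                alerts.append(("APPROVED_AFTER_FLOOD", user, ip, stamp))
            q.clear()
            flagged.discard(user)
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(*alert)
```

The second alert type is the one to page on: an approval that arrives after a run of ignored prompts is the pattern in which the session should be revoked and the employee contacted through a known channel.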
Because people are usually the weakest link in any network, social engineering is a common hacking tactic. Teenagers used it to hack Twitter in 2020, and more recently, Twilio and Cloudflare were also attacked, according to Rachel Tobac, CEO of SocialProof Security, a company that focuses on educating employees about social engineering.
Tobac tweeted, “The hard fact is that most organisations in the world could be hacked in the exact way Uber was just attacked.” “Even very tech smart people fall for social engineering approaches every day,” she claimed in an interview.
MFA (multi-factor authentication) bypassing and hijacking are becoming more sophisticated, according to Ryan Sherstobitoff, senior threat analyst at SecurityScorecard.
For this reason, a lot of security experts support the usage of so-called FIDO physical security keys for user authentication. However, tech corporations have been sporadic in their adoption of such devices.
According to Contrast Security’s Tom Kellermann, the intrusion also demonstrated the necessity for real-time monitoring in cloud-based systems to more effectively identify intruders. Because a single master key may often open all of their doors, he said, “much more effort must be paid to protecting clouds from within.”
Several experts have questioned how much Uber’s cybersecurity has advanced since it was breached in 2016.
Its former chief security officer, Joseph Sullivan, is currently facing charges of conspiring to pay $100,000 to hackers to conceal that sophisticated theft, which resulted in the loss of the personal data of approximately 57 million users and drivers.