On Thursday, ride-hailing giant Uber started investigating a data breach regarding some of its internal tools. The company alerted law enforcement and continues to probe into the security incident.
What we know so far
According to official communication from Uber posted on Sept. 16, the company says they “have no evidence that the incident involved access to sensitive user data” and that all of their services and apps are operational.
While many of its internal communication tools and engineering systems were taken offline on the day of the breach, Uber claims that most of its collaboration software was reinstated.
Uber security incident update on Twitter
18-year-old hacker to blame
The person claiming responsibility for the hack is allegedly an 18-year-old who had been working on his cybersecurity skills for some time. The culprit made his deed public showing captured images of emails, cloud storage, and even code repositories.
According to the New York Times, the teen compromised Slack account of an unnamed employee and used it to infiltrate other internal systems before making his presence known companywide.
After phishing the login credentials of an employee and accessing the company VPN, the attacker said he found PowerShell scripts on its intranet containing access management credentials allowing him to allegedly breach Uber’s Cloud Computing Services.
“Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach.” The message went on to list several internal databases that the hacker claimed to have compromised, The Times explained.
Reportedly, the attacker also posted an explicit photo on Uber’s information boards for employees and said he breached the company due to its poor security posture.
On a side note, the hacker behind the alleged Rockstar Games intrusion claims to be responsible for the Uber hack as well but offered no proof in this regard.
Not Uber’s first security blunder
This is not the first data breach to impact the company. In 2016, Uber suffered a massive incident that affected 600,000 US drivers and over 57 million customers worldwide.
The incident exposed personally identifiable information including names, email addresses, phone numbers and driver’s licenses.
Stay on top of data breaches with Bitdefender Digital Identity Protection
Bitdefender Digital Identity Protection continuously monitors your personal information, alerting you in real time in case of data breaches and leaks. This lets you immediately change your passwords and secure your accounts to prevent financial loss or even social media impersonation, which can ruin your reputation.
Managing your digital footprint has never been easier. With our dedicated privacy tool, you can:
· Discover the extent of your digital footprint
· Find out if your personal information was exposed in legal and illegal collections of data
· Benefit from 24/7 data breach monitoring for up to five email addresses
· Get instant alerts to new breaches and privacy threats
Detect social media doppelgangers