Uber Hacked, Internal Systems and Confidential Documents Allegedly Stolen

Uber disclosed a security breach on Thursday in which threat actors gained access to its network and stole internal documents.

Uber suffered a cyber attack on Thursday that allowed attackers to penetrate its internal network and access internal files, including vulnerability reports.

According to the New York Times, the attackers hacked into an employee’s Slack account and used the account to notify insiders that the company “suffered a data breach” and provided a list of internal databases that were allegedly hacked.

“I’m announcing that I’m a hacker and Uber has suffered a data breach.” the caption message.

The company was forced to take its internal communications and engineering systems offline to mitigate the attack and investigate the intrusion.

The attackers allegedly compromised multiple internal systems and provided the New York Times and some cybersecurity researchers with images of emails, cloud storage and code repositories.

“They have almost full access to Uber,” said Sam Curry, a security engineer at Yuga Labs, who communicated with the person who claimed responsibility for the breach. “From the looks of it, it’s a complete compromise.”

Attackers also have access to the company’s HackerOne bug bounty program, which means they have access to every vulnerability report a white hat hacker submits to the company. This information is so important that threat actors can use it to launch further attacks. It cannot be ruled out that the report contains technical details about some flaws that the company has yet to fix.

HackerOne has immediately disabled the Uber bug bounty program, blocking any access to the list of reported issues.

An Uber spokesman confirmed that Uber notified law enforcement and began an internal investigation into the incident.

Latha Maripuri, Uber’s chief information security officer, told The New York Times by email: “We currently cannot estimate when full access to the tool will be restored, so thank you for your support.”

Employees were instructed not to use the internal messaging service Slack, and some of them, speaking on condition of anonymity, told The New York Times that other internal systems were inaccessible.

The hacker, who identified himself as 18, added that Uber’s security was weak, and in a message sent via Slack, he also said Uber drivers should be paid higher wages.

This isn’t the first time the company has suffered a security breach. In 2017, another data breach in 2016 made headlines.

In November 2017, Uber CEO Dara Khosrowshahi announced that hackers had breached the company’s database and accessed the personal data (names, email addresses and mobile numbers) of 57 million users, a disturbing discovery that the company had covered up the hack. years.

The attackers also accessed the names and license numbers of its approximately 600,000 drivers in the United States.

The hack happened in 2016, and according to a report published by Bloomberg, it was easy for hackers to obtain credentials from a private GitHub site used by the company’s development team. Hackers tried to blackmail Uber and demanded the company pay $100,000 in exchange for not releasing the stolen data.

Instead of notifying customers and law enforcement of the data breach as required by California’s data security breach notification law, information security chief Joe Sullivan ordered a ransom payment and covered up the story of the destruction of any evidence.The bounty was disguised as a bug bounty and a nondisclosure agreement was signed

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(security affairs Hacker, Uber)

Leave a Comment

Your email address will not be published.