In this day and age, hacking attacks on major companies are nothing new, with the most recent victim being Uber Technologies, the mobility as a service (MaaS) provider that allows users to hitch a ride, commute, eat, and more.
Specifically, Uber’s platform was hacked on September 15, with the attacker gaining access to the company’s multiple critical internal systems, such as its Windows domain and security software, including vulnerability reports, Bleeping Computer reported on September 16.
Full access to Uber’s systems
In addition, the hacker shared with cybersecurity researchers and The New York Times reporters the screenshots of the platform’s internal systems, email dashboards, cloud storage, and Slack server, showing what seems like complete access to these systems.
According to a report by The New York Times, which first reported on the attack, Yuga Labs’ security engineer Sam Curry, who communicated with the alleged hacker, said that:
“They pretty much have full access to Uber. (…) This is a total compromise, from what it looks like.”
Among other things, the attacker gained access to Uber’s Amazon Web Services (AWS) dashboard, Google Workspace email admin dashboard, VMware ESXi virtual machines, and Slack server, where they wrote messages.
The hacker reaches out
As per The New York Times report, one of the messages was:
“I announce I am a hacker and Uber has suffered a data breach.”
The report also said that the attacker claimed to have sent a text message to an Uber employee pretending to be a corporate IT person, convincing the employee to share a password that allowed the hacker to access the company’s systems.
In addition, the attacker said he was 18 years old and had hacked Uber’s platform because it had poor security, adding that Uber’s drivers should have better salaries.
Uber’s response
Responding to the incident, Uber Communications said on its Twitter (NYSE: TWTR) account that:
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”
According to an internal email seen by The New York Times, the company’s chief information security officer Latha Maripuri told employees that the incident was being investigated:
“We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us.”
The cyberattack comes a little over a month after Uber Technologies recorded a surge of over 13% in premarket trading after releasing its earnings report that exceeded the expectations on Wall Street with a 105% year-on-year revenue increase, as Finbold reported.
Source: https://finbold.com/alert-ubers-internal-systems-hacked-giving-bad-actor-full-access/