Uber is investigating a cybersecurity incident following a high-profile cyberattack that may have severely affected its business, critical infrastructure and, potentially, the personal data of millions of users.
According to the information available so far, an unknown attacker managed to access the computer systems of the world’s largest mobility-as-a-service company. Screenshots shared by the cybercriminal himself show what appears to be full access to critical Uber IT systems, including the company’s security software and Windows domain.
The compromised systems are broad and relevant, encompassing the company’s Amazon Web Services console, VMware ESXi virtual machines, the Google Workspace email admin panel, and the Slack server, on which the hacker posted his own messages.
As serious as that is, the worst for Uber may come from the hack of its HackerOne bug bounty program, which allows security researchers to privately disclose vulnerabilities. If, as suspected, the attacker gained access to all of the company’s private vulnerability filings, these likely include vulnerability reports that have not been fixed, posing a serious security risk to Uber.
How the cyber attack on Uber was carried out
The New York Times, which was the first to report on the cyberattack on Uber, explains that it was carried out through social engineering against a high-profile employee, specifically by compromising that employee’s account for the business communication service Slack.
Social engineering has become a very popular technique among cybercriminals, and we have seen it in recent attacks against other companies such as Twitter, MailChimp, Robinhood and Okta. The user is always the “weakest” link in the security chain, and that is the principle underlying this type of attack.
In addition to the compromise of critical IT systems and the HackerOne security bug bounty program (very serious for the reasons mentioned), it cannot be ruled out that users’ personal data has been compromised.
For Uber, it is not the first incident of this type. In 2018, it agreed to pay $148 million for a 2016 data breach that the ride-sharing service covered up in violation of regulations. Uber’s head of security at the time was accused of covering up the breach.
On that occasion, hackers stole data from 57 million drivers and passengers, including personal information such as names, email addresses, and driver’s license numbers. Uber illegally covered up the case, paid the hackers $100,000 to remove the information and asked them to sign a non-disclosure agreement. The current cyberattack seems even more serious, although there is no official information that we can assess. We will keep you posted.
“Terrible” business behavior
On a related note, The Guardian and the International Consortium of Investigative Journalists recently published thousands of leaked confidential Uber files, revealing that the company knowingly violated all kinds of laws, secretly lobbied governments, withheld evidence of its operation from the police, received help from politicians, and exploited violence against its drivers to boost business.
The overall goal was to disrupt the taxi industry in Europe in order to bring shared rides to cities around the world, even when doing so knowingly violated existing regulations. Uber’s ruthless business methods were known, but for the first time the leaked files provided a unique insider’s view of the lengths it went to in order to achieve its goals.
Uber’s current management acknowledged the many mistakes made by the company under Travis Kalanick, but distanced itself from them. At least in computer security, they will have to make greater efforts.