- Uber confirmed its systems were breached Thursday in an attack that appears far reaching in scope. The rideshare and food delivery company said it alerted law enforcement to the incident in a Thursday statement.
- The threat actor, who claims to be 18 years old, told The New York Times he duped an employee into providing their password via text message and compromised the worker’s Slack account. Slack’s high-level access to other third-party services allowed the attacker to gain access to additional Uber systems, including Amazon Web Services, Google Cloud, VMware virtual machines, OneLogin and other services, the attacker claimed.
- Uber was previously targeted and covered up a cyberattack in 2016 that exposed personal data on 57 million customers and drivers.
Social engineering and phishing attacks have ruined this summer for many tech companies, including Twilio, Mailchimp and some of their respective customers. These third-party intrusions can spread far and wide.
The threat actor behind the attack against Uber has been communicating with multiple journalists and threat intelligence analysts, and sharing screenshots of their exploits to confirm the extent of their access to Uber’s systems.
The individual, in multiple Telegram exchanges with hackers and security engineers that were then posted to Twitter, also claims to have exfiltrated Uber’s vulnerability reports from HackerOne.
The threat actor claims it accessed the company’s VPN and discovered the username and password for an admin user contained in PowerShell scripts, which allowed them to access many of Uber’s critical systems.
Uber declined to provide additional comment to Cybersecurity Dive. Company stock is down almost 5% Friday morning to $31.61 per share.