i-comit

USB drive, reimagined


The Uber Hack – Compromised by Script Kiddie


Data kept offsite in a physical location has a limited number of destinations, whether on a USB drive, CDs, or a hard disk. Data stored offline is much safer and more straightforward to follow. But data in the cloud might span several servers and networks, which is a major cause of data being stolen.


The hacker presumably used phishing to obtain the password of an Uber employee at the beginning of the attack (Uber Hack). The employee was subsequently inundated with push messages asking them to authenticate a remote login to their account that the Uber Hacker had initiated.

Users of HackerOne found evidence of a hack against Uber when they noticed that an official Uber HackerOne account was replying to bug reports and making fun of the ride-hailing behemoth. That night, Uber verified that there had been an issue, and HackerOne immediately shut down Uber’s data to avoid any more harm.

Impact

After an unauthorized user compromised Uber’s network, the company disclosed to the public on Thursday that it was addressing a cybersecurity concern. According to available information, the attacker successfully gained unauthorized access to the communication software Slack using a worker’s account.

It is possible that the intruder obtained access to the hosted cloud environments where Uber maintains its source code and user data, as well as to the company’s HackerOne account, which holds information on security issues in its products.

There is no evidence to substantiate any assertion that Uber’s fleet or operations were harmed. After speaking with the Uber Hacker, who claims to be 18 years old, experts in the field of information security have formed the opinion that the threat actor’s primary motivation seems to be to brag about what he has accomplished.

Additionally, the individual said that Uber drivers need to be paid more. A reliable source divulged the information that the threat actor had bombarded an employee with multi-factor authentication push requests. This tried-and-true strategy has been shown to circumvent some types of multi-factor authentication by irritating a victim into giving in. 

When a user’s login and password are used, this form of multi-factor authentication alerts the user with a notification. The user must consent to the login by hitting a button in the mobile app on their smartphone. If an attacker does not have physical access to the victim’s phone, then any usernames and passwords they steal from the victim will be worthless to them.

According to the reports, the perpetrator of the attack spoke with the employee over WhatsApp and directed them to comply with the demands to put an end to the harassment. The victim then did as they were told.
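
The push-bombing pattern described above leaves a recognizable trace in authentication logs: a burst of denied or ignored prompts for one account, sometimes ending in an approval. The detector below is an added example, not from the original post or from Uber; the log format, function names, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format: "<UTC time> <user> <push result>").
SAMPLE_LOG = """\
2024-01-01T08:00:00Z carol timeout
2024-01-01T09:00:00Z bob denied
2024-01-01T09:00:30Z bob approved
2024-01-01T10:00:00Z carol timeout
2024-01-01T12:00:00Z carol timeout
2024-01-01T14:00:00Z carol timeout
2024-01-01T16:00:00Z carol timeout
2024-01-01T18:01:10Z alice denied
2024-01-01T18:01:40Z alice timeout
2024-01-01T18:02:05Z alice denied
2024-01-01T18:02:50Z alice timeout
2024-01-01T18:03:30Z alice denied
2024-01-01T18:04:10Z alice timeout
2024-01-01T18:05:00Z alice approved
"""

def parse(line):
    ts, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result

def detect_push_fatigue(lines, threshold=5, window=timedelta(minutes=10)):
    """Flag users who receive `threshold` unapproved prompts inside `window`."""
    recent = defaultdict(deque)  # user -> times of recent denied/ignored prompts
    alerts = {}
    for ts, user, result in sorted(parse(l) for l in lines if l.strip()):
        q = recent[user]
        while q and ts - q[0] > window:  # expire prompts outside the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold:
                a = alerts.setdefault(
                    user, {"user": user, "prompts": 0, "approved_after_burst": False})
                a["prompts"] = max(a["prompts"], len(q))
        elif result == "approved":
            # An approval right after a burst is the high-severity case.
            if len(q) >= threshold:
                alerts[user]["approved_after_burst"] = True
            q.clear()
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG.splitlines()):
        print(alert)
```

A single mistapped denial (bob) and prompts spread over a day (carol) stay below the threshold; only the rapid burst followed by an approval (alice) is reported.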

Slack

As an alternative to email, the chat platform known as Slack is becoming more popular among software businesses and is used extensively inside these organizations. It makes it possible for individuals to communicate with one another directly, and it also makes it possible for groups of people to have discussions through channels that are devoted to specific subjects or areas of interest.

A complete history of every discussion that has ever taken place in a channel is stored inside that channel, and this history may include sensitive or essential information. To put it another way, an attacker who wants to broaden their access and influence may find Slack a veritable gold mine.

After the attacker sent a message to Uber workers through Slack, the company was compelled to take many internal communications and engineering systems down.

The message on Slack, which had many misspellings, read as follows:

“I confess that I am a hacker, and I can confirm that Uber has been the victim of a data breach. It has been discovered that Slack, Confluence, Stash, and Two Monorepos from Phabricator have all been taken, in addition to Sneakers’ Confidential Information.”

The post was first seen as a joke by the Uber workers who were participating in the Slack channel. However, individuals quickly began to realize that the claims were genuine. The intruder posted a picture on an internal information website for staff, in addition to images of the Uber instance, the HackerOne management panel, and other parts of the system, to demonstrate that they had indeed gained access.

How did we respond to the Uber Hack?

Our already-in-place security monitoring procedures enabled our staff to rapidly recognize the problem and go to work devising a solution. After ensuring that the attacker was no longer able to access our systems, securing user data and ensuring that Uber services were not disrupted were our first objectives. After that, we began investigating the nature of the breach, its scale, and potential consequences.

Some of these are listed as the most critical steps that we have taken and will continue to take:

  • We found an employee account that had been hacked or might have been compromised, and we either prevented those employees from accessing Uber networks or ordered them to change their passwords.
  • We deactivated many internal tools that were impacted or possibly affected.
  • We changed the locks on several of our internal services, which had the same impact as resetting access.
  • We secured our codebase, prohibiting any new code from being added or modified.
  • Employees were asked to reauthenticate themselves before restoring their access to internal tools. In addition, we are taking further steps to fortify our multi-factor authentication rules.
  • We have increased the amount of monitoring that is being performed on our internal environment to keep an even closer lookout for any extra suspicious activities.

Conclusion – Uber Hack

With the rise of cybercrime and cybersecurity concerns, it’s not unexpected that individuals are prepared to go to great lengths to safeguard themselves and their sensitive data. The most straightforward approach to keep it safe is to keep your backup files offline.

