Uber Hacked!!! Here’s All You Need To Know

A breach of Uber’s computer network was discovered on Thursday, prompting the company to temporarily shut down several internal communication and engineering systems while it investigated the breach. According to cybersecurity researchers and The New York Times, a person claiming responsibility for the hack sent images of Uber’s email, cloud storage, and code repositories. According to The New York Times, Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach stated that the attacker had pretty much access to all the internal assets of Uber.

From another Uber employee:

Instead of doing anything, a good portion of the staff was interacting and mocking the hacker thinking someone was playing a joke. After being told to stop going on slack, people kept going on for the jokes. lmao

— Sam Curry (@samwcyo) September 16, 2022

In its latest article, The New York Times states that “Uber employees were instructed not to use the company’s internal messaging service, Slack, and found that other internal systems were inaccessible, said two employees, who were not authorized to speak publicly.

Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach.” The message went on to list several internal databases that the hacker claimed had been compromised.

The Uber spokesman said that the hacker compromised a worker’s Slack account and used it to send the message. It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees.”

According to Group-IB, “on September 16, a user, nicknamed vx-underground, posted screenshots to Twitter with evidence of access to Uber internal systems, including SentinelOne, Slack and AWS. The screenshots have been attributed to the threat actor teapots2022. In addition, it is identified that these logs were put up for sale on September 12 and 14, which means that this was very fresh data, because the hack that utilized them was revealed from 15 to 16 September. This shows that the attacker managed to gain access to the internal network and develop their attack in a fairly short period of time. These logs accessed indicate that at least 2 Uber employees (from Indonesia and Brazil) have been infected by stealer malware: Racoon and Vidar stealers. In addition, the version of Uber hacking through the purchase of logs that contained data for authorization on uber.onelogin.com is confirmed by the same screenshot, where you can see that the very first tab in the browser is called “OneLogin.” From the logs shown in the screenshot, the attacker could also have purchased logs to enable them to sort through all the accounts in search of accounts with privileged access to critical internal network resources. These other logs also contained multiple access credentials to other resources, including Slack, Facebook, Google, Instagram, etc. These credentials could have been used by the attacker to advance through Uber’s network using social engineering.”

Figure Source: GROUP-IB

Figure Source: GROUP-IB

In its article, The New York Times also mentioned, “The hacker, who provided screenshots of internal Uber systems to demonstrate his access, said that he was 18 years old and had been working on his cybersecurity skills for several years. He said he had broken into Uber’s systems because the company had weak security. In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay.”

In the wake of reports that Uber’s internal systems have been hacked, the company says it’s investigating a “cybersecurity incident.”

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.

— Uber Comms (@Uber_Comms) September 16, 2022

How NetSecurity Can Help You Protect From Cyber Attacks?

Cyber security threats and ransomware attacks are increasing at a tremendous pace. It is extremely difficult for cyber security analysts and incident responders to investigate and detect cyber security threats using conventional tools and techniques. NetSecurity’s ThreatResponder, with its cloud-based machine learning threat detection engine and its diverse capabilities, can help your team detect the most advanced cyber threats, including APTs, zero-day attacks, and ransomware attacks. It can also help automate incident response actions across millions of endpoints, making it easy, fast, and hassle-free.

Want to try our ThreatResponder, cutting-edge Endpoint Detection & Response (EDR), and ThreatResponder FORENSICS, the Swiss knife for forensic investigators in action? Click on the below button to request a free demo of our NetSecurity’s ThreatResponder platform.

Disclaimer

The page’s content shall be deemed proprietary and privileged information of NETSECURITY CORPORATION. It shall be noted that NETSECURITY CORPORATION copyrights the contents of this page. Any violation/misuse/unauthorized use of this content “as is” or “modified” shall be considered illegal and subjected to articles and provisions that have been stipulated in the General Data Protection Regulation (GDPR) and Personal Data Protection Law (PDPL).