Uber's Security Breached, Investigation Underway
Ride-share company Uber was hacked late Thursday. The company said it had alerted authorities and was investigating the breach.
The attack targeted the company's communications and Uber's Amazon Web Services and Google Suite accounts.
"I announce I am a hacker and Uber has suffered a data breach," the hacker, reportedly an 18-year-old teenager, wrote in the company's internal Slack channel chat.
The company's staff were initially skeptical of the attack.
The hacker employed "social engineering," a common hacking technique, to gain access to Uber's internal systems.
The hacker reportedly impersonated an information technology worker and convinced an Uber employee to divulge a VPN password that enabled the cyber attacker to access the company's systems.
Other companies have been hacked recently, including Microsoft earlier this year and Twitter in 2020. According to tech experts, Uber's breach outsizes those attacks.
"This is a total compromise, from what it looks like," Sam Curry, a security engineer contacted by the hacker told the New York Times.
The cyber attacker also reportedly gained access to the employee's HackerOne account. HackerOne is a cybersecurity company that Uber works with.
"HackerOne supports its customers. We're in close contact with Uber's security team, have locked their data down, and will continue to assist with their investigation," Marten Mickos, HackerOne CEO wrote on Twitter.
Thursday's hack is Uber's second major breach in six years.
In 2016, hackers stole data from 57 million user accounts and demanded $100,000 in ransom. The company quietly paid the hackers and Uber waited a year to disclose the breach.
The company fired Joe Sullivan, the company's then chief security officer, in 2017 and federal prosecutors charged him for covering up the hack and lying to officials. Sullivan pleaded not guilty and is currently on trial in federal court in San Francisco.
© Copyright IBTimes 2024. All rights reserved.