On this installment of "Another Week, Another Hack" we're talking about Uber. Where a teenager claims responsibility for major Uber data hack.
Let's get into it
Teenager Claims Responsibility for Uber Attack
During the middle of September, the world's largest ride-sharing company, Uber Technologies was looking into a serious cyber security breach that led them to take several of its internal communications and engineering systems offline.
These actions take place after an apparent young hacktivist admits to social engineering this attack.
A teenage individual went to the New York Times to share screenshots of compromised Uber assets, claiming responsibility for the attack.
Ubers communications team confirms the breach on Twitter. Also stating an investigation of the breach was underway and the authorities are aware.
Hacker Uses Social Engineering Tactics on Uber Employees
Before Uber was able to instruct employees to not use their internal messaging service, Slack, many team member reported a message that read "I am a hacker and Uber has suffered a Data breach."
Additionally, this message went on to list all the internal data bases the hacker had apparently compromised.
Ultimately, it was through an employee's Slack account, that the hacker gained access to send the message.
This "hacktivist" told the New York Times that they were able to infiltrate an employee's account with social engineering tactics.
The young hackers claims to have sent a text message to employees claiming to be a part of Ubers internal IT team and managed to persuade a worker into handing over their password.
These credentials gave the hacker access to Ubers internal systems.
Social Engineering Becoming a Huge Problem
If you remember, these same social engineering techniques were used to breach Okta and Microsoft.
Social engineering is the fastest growing way these young hackers are able to infiltrate even multi-billion dollar companies.
Therefore, businesses at any size are at risk of becoming a target. It only takes one slip up.
As these hackers get smarter, they document and share their work. Unfortunately, these processes are becoming accessible to anyone who knows where to look.
This hacker was just a teenager who wanted to show off their learned cybersecurity skills.
The 18 year-old claims the ability to hack Uber is due to its "weak security systems."
Including the desire to attack Uber comes from their personal thoughts on Uber drivers being more deserving of higher pay.
Lapsus$ Group to Blame
Uber has since identifies the individual to be a part of hacker group, Lapsus$. Also, assuring the public that the hack did not access any user information.
You might remember me talking about the Lapsus$ group in previous hacking videos.
Lapsus$ is known to target major companies. Stealing data from Nvidia, Samsung, Microsoft and Vodafone.
This hacker likely purchases company information on the dark web. Reports show the individual made several attempts to access Ubers contractors account.
The infiltrated contractor received several 2-factor authentication requests. Most of which they denied, until finally accepting one which gave the hacker access.
Once infiltrated, the hacker used the access to gain more permissions throughout Ubers network and tools, including G Suite and Slack.
Fortunately, Uber was able to get ahead of the situation. They claim that sensitive customer data, like identity and financial credentials are secure.
The company assures the public that they encrypt all credit card information and personal health data.
Uber's past of Cybersecurity Breaches
Uber is apparently taking this hack very seriously after receiving backlash in the past.
They are taking the opportunity to strengthen security policies, practices and technology to further protect Uber and their clients from future attacks.
If you remember, this is not the first time Uber has fallen victim to a major data breach.
In 2016, a hacker stole the information of over 56 million driver and rider accounts. Where Uber was ransomed for $100,000 to prevent the deletion of this data.
An Uber executive apparently paid the sum, but kept the breach a secret for over a year.
Ultimately, the company was sued for keeping this information from the public.
The "top secret" executive, Joe Sullivan, was fired for his role in covering up the breach.
He was charged with obstructing justice for failing to disclose the breach to regulators.
Uber Hack Should be a Warning for ALL Businesses
This hack against Uber, a multi-billion dollar company, is yet another warning to all businesses.
A teenager claims responsibility for major Uber data hack. Any business, no matter the size can become a target for cyber-attack.
These cyber criminals are capable of hacking anyone that has open vulnerabilities. That is why it is so important to take cybersecurity seriously.
Cybersecurity awareness and training needs to be a regular occurrence among staff.
Employees are often the weakest link when it comes to cybersecurity.
Strengthening their knowledge is the best way to protect your business from harm.
Check out our recent YouTube video where we discuss The Best New Features from Windows 11.
If your business is in need of cybersecurity strengthening, or even awareness training, feel free to book a time to chat with us via the Calendly link below. I'd be happy to discuss ways to optimize your company's IT.
Click here to schedule a free 15-minute meeting with Stan Kats, our Founder and Chief Technologist.
STG IT Consulting Group proudly provides IT Service for Small to Medium Businesses in Greater Los Angeles. We'd love to see if we can help you too!