Hacker claims to breach Uber, security researcher says

Sep 15, 2022, 10:00 PM | Updated: Sep 20, 2022, 5:51 am

Uber said Thursday that it reached out to law enforcement after a hacker apparently breached its network. A security engineer said the intruder provided evidence of obtaining access to crucial systems at the ride-hailing service.

There was no indication that Uber’s fleet of vehicles or its operation was in any way affected.

“It seems like they’ve compromised a lot of stuff,” said Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That includes complete access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.

Curry said he spoke to several Uber employees who said they were “working to lock down everything internally” to restrict the hacker’s access. That included the San Francisco company’s Slack internal messaging network, he said.

He said there was no indication that the hacker had done any damage or was interested in anything more than publicity. “My gut feeling is that it seems like they are out to get as much attention as possible.”

The hacker had alerted Curry and other security researchers to the intrusion on Thursday evening by using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network through its bug-bounty program, which pays ethical hackers to ferret out network weaknesses.

The hacker provided a Telegram account address, and Curry and other researchers then engaged them in a separate conversation, where the hacker shared screenshots of various pages from Uber’s cloud providers to prove they had broken in.

The Associated Press attempted to contact the hacker at the Telegram account where Curry and the other researchers chatted with them. But no one responded.

The New York Times reported that the person who claimed responsibility for the hack said they gained access through social engineering: They sent a text message to an Uber worker claiming to be a company tech employee and persuaded the worker to hand over a password that gave them access to the network.

The Times said the hacker reported being 18 years old and said they broke in because the company had weak security.

One screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user through social engineering.

Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Teenagers used a similar ploy in 2020 to hack Twitter.

Uber said via email that it was “currently responding to a cybersecurity incident. We are in touch with law enforcement.” It said it would provide updates on its Uber Comms Twitter feed.

The company has been hacked before.

Its former chief security officer, Joseph Sullivan, is currently on trial on allegations he arranged to pay hackers $100,000 to cover up a 2016 high-tech heist in which the personal information of about 57 million customers and drivers was stolen.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
