Hacker claims to breach Uber, security researcher says

Sep 15, 2022, 10:00 PM | Updated: Sep 20, 2022, 5:51 am

Uber said Thursday that it reached out to law enforcement after a hacker apparently breached its network. A security engineer said the intruder provided evidence of obtaining access to crucial systems at the ride-hailing service.

There was no indication that Uber’s fleet of vehicles or its operation was in any way affected.

“It seems like they’ve compromised a lot of stuff,” said Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That includes complete access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.

Curry said he spoke to several Uber employees who said they were “working to lock down everything internally” to restrict the hacker’s access. That included the San Francisco company’s Slack internal messaging network, he said.

He said there was no indication that the hacker had done any damage or was interested in anything more than publicity. “My gut feeling is that it seems like they are out to get as much attention as possible.”

The hacker had alerted Curry and other security researchers to the intrusion on Thursday evening by using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network through its bug-bounty program, which pays ethical hackers to ferret out network weaknesses.

The hacker provided a Telegram account address and Curry and other researchers then engaged them in a separate conversation, sharing screenshots of various pages from Uber’s cloud providers to prove they broke in.

The Associated Press attempted to contact the hacker at the Telegram account where Curry and the other researchers chatted with them. But no one responded.

The New York Times reported that the person who claimed responsibility for the hack said they gained access through social engineering: They sent a text message to an Uber worker claiming to be a company tech employee and persuaded the worker to hand over a password that gave them access to the network.

The Times said the hacker reported being 18 years old and saying they broke in because the company had weak security.

One screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user through social engineering.

Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Teenagers used a similar ploy in 2020 to hack Twitter

Uber said via email that it was “currently responding to a cybersecurity incident. We are in touch with law enforcement.” It said it would provide updates on its Uber Comms twitter feed.

The company has been hacked before.

Its former chief security officer, Joseph Sullivan, is currently on trial on allegations he arranged to pay hackers $100,000 to cover up a 2016 high-tech heist in which the personal information of about 57 million customers and drivers was stolen.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

(Facebook Photo/City of San Luis, Arizona)...
Associated Press

San Luis authorities receive complaints about 911 calls going across border

Authorities in San Luis say they are receiving more complaints about 911 calls mistakenly going across the border.
4 days ago
(Pexels Photo)...
Associated Press

Daylight saving time begins in most of US this weekend

No time change is observed in Hawaii, most of Arizona, Puerto Rico, the U.S. Virgin Islands, American Samoa, Guam and the Northern Marianas.
12 days ago
Mexican army soldiers prepare a search mission for four U.S. citizens kidnapped by gunmen in Matamo...
Associated Press

How the 4 abducted Americans in Mexico were located

The anonymous tip that led Mexican authorities to a remote shack where four abducted Americans were held described armed men and blindfolds.
12 days ago
Tom Brundy points to a newly built irrigation canal on one of the fields at his farm Tuesday, Feb. ...
Associated Press

Southwest farmers reluctant to idle farmland to save water

There is a growing sense that fallowing will have to be part of the solution to the increasingly desperate drought in the West.
19 days ago
A young bison calf stands in a pond with its herd at Bull Hollow, Okla., on Sept. 27, 2022. The cal...
Associated Press

US aims to restore bison herds to Native American lands after near extinction

U.S. officials will work to restore more large bison herds to Native American lands under a Friday order from Interior Secretary Deb Haaland.
19 days ago
(Photo: OCD & Anxiety Treatment Center)...
Sponsored Content by OCD & Anxiety Treatment Center

Here's what you need to know about OCD and where to find help

It's fair to say that most people know what obsessive-compulsive spectrum disorders generally are, but there's a lot more information than meets the eye about a mental health diagnosis that affects about one in every 100 adults in the United States.

Sponsored Articles

...
Fiesta Bowl Foundation

Celebrate 50 years of Vrbo Fiesta Bowl Parade magic!

Since its first production in the early 1970s, the Vrbo Fiesta Bowl Parade presented by Lerner & Rowe has been a staple of Valley traditions, bringing family fun and excitement to downtown Phoenix.
...
Quantum Fiber

How high-speed fiber internet edges out cable for everyday use

In a world where technology drives so much of our daily lives, a lack of high-speed internet can be a major issue.
...
Day & Night Air Conditioning, Heating and Plumbing

Prep the plumbing in your home just in time for the holidays

With the holidays approaching, it's important to know when your home is in need of heating and plumbing updates before more guests start to come around.
Hacker claims to breach Uber, security researcher says