In an unfortunate twist of events, the popular ride app, Uber, has been hacked in what one security engineer describes as a “total compromise”. Uber discovered earlier this week their computer network had been breached. Several internal communication and engineering systems were taken offline while investigations commenced.
The breach seems to have compromised the majority of Uber’s internal systems, forcing Uber employees offline and unable to use the company’s internal messaging system, Slack.
An anonymous identity is claiming ownership of the attack and has been communicating during the breach. “I announce I am a hacker and Uber has suffered a data breach,” was the message received by Uber employees and continued on to list multiple internal databases the mysterious author claimed to have compromised.
How did they do it? Not one to shy away, the hacker stated to The New York Times that he had “sent a text message to an Uber worker claiming to be a corporate information technology person”. The employee believed the hacker and was persuaded to divulge a password that ultimately led to the attack. This case is an example of social engineering, a common technique to gain sensitive information for malicious intent.
The hacker claims to be 18 years old and revealed his intent to break into Uber’s systems was simply because the company had weak security in place. He did, however, take the opportunity to state that Uber drivers should receive higher pay in the breach announcement. Another source states he breached the company for fun and “might leak source code in a few months”. Sam Curry, a security engineer at Yuga Labs quotes, “They pretty much have full access to Uber. This is a total breach, from what it looks like”.
“It seems like maybe they are this kid who got into Uber and doesn’t know what to do with it and is having the time of his life.”
Uber’s investigation continues and it is unclear what cybersecurity damage control they are implementing in attempt to remove the hacker from their systems. It goes to show, any business or individual is a target without reliable cybersecurity in place as hackers continue to prove that the “it’s never going to happen to me” mentality is the biggest danger in our digital world.