Uber reported on September 15, 2022 local time that its internal system was hacked by someone. On September 19th, the latest information on the hacking damage was reported, revealing the hacker’s modus operandi, Uber’s response, and potentially leaked data.
Security update | Uber Newsroom
https://www.uber.com/newsroom/security-update/
Uber links breach to Lapsus$ group, blames contractor for hacking
https://www.bleepingcomputer.com/news/security/uber-links-breach-to-lapsus-group-blames-contractor-for-hack/
Uber admits ‘several internal systems’ breached, blames gang • The Register
https://www.theregister.com/2022/09/19/uber_admits_breach/
In the September 15 hack of Uber, the hacker sent a message on internal Slack saying, “I’m a hacker, and I’m announcing that Uber has suffered a data breach,” and published a list of the internal systems that were compromised. That’s what I’m talking about. Also, the hackersOpenDNSit was said to have been reconfigured to show indecent images on some internal sites.
Uber is hacked, a hacker invades the company’s Slack and launches an attack statement and obscene image bombing – GIGAZINE
And on September 19, Uber reported the latest information about this hacking damage on its official website. First, the hack was triggered by an Uber contractor’s personal device being infected with malware and Uber’s corporate account details being sold on the dark web.
Hackers bought credentials and tried to log in, but were blocked because two-factor authentication was in place. However, after many login attempts, the contractor finally accepted two-factor authentication, so the hacker was able to log into Uber’s internal system. After that, the hackers also accessed other employees’ accounts, gained access to tools such as G-Suite and Slack, and carried out attacks such as posting messages to Slack and displaying obscene images on internal websites.
In response to a series of hacks, Uber said the existing security monitoring system quickly identified and responded to the problem. “Our top priority was to prevent attackers from gaining access to our systems to ensure the security of user data and Uber services were not affected,” Uber said.
The main steps Uber has taken are as follows:
・ Identify compromised or potentially compromised employee accounts and block access to Uber systems or required password resets.
Disabled internal equipment affected or potentially affected.
Change access keys on many internal services, effectively resetting access.
– Locked the code base to prevent new code changes.
・Enforce multi-factor authentication policies by requiring employees to re-authenticate when restoring access to internal tools.
・ Added monitoring of the internal environment and focus on suspicious activity.
After first blocking the attacker’s access, Uber began investigating the damage caused by the hack. The investigation is still ongoing at the time of updating the security report, but there is no evidence of access to the user app system, and there is no breach of the user’s account, credit card number, bank account information, or history travel confirmed. reports Uber. Additionally, no changes to the base code or access to customer or user data stored in cloud providers have been confirmed.
In the meantime, the hackers have downloaded a number of internal Slack messages, as well as information from an internal tool used by the finance team to manage invoices. Also, a bounty platform for security researchers to report bugs and vulnerabilities.HackerOneThe dashboard also appears to be accessible, but “all bug reports that the attacker had access to have been fixed,” Uber said.
In a security report, Uber said, “Even during the hacking attack, we were able to maintain the operation of Uber, Uber Eats, and Uber Freight services for the general public and operate smoothly. We are giving up some internal tools. Customer support operations were minimally affected as a result, but are now operating as normal.” He also said, “Uber is working closely with the FBI and the US Department of Justice on this matter and will continue to support future efforts,” he said, also strengthening policies and practices to protect Uber from future attacks. promise we will try.
The hackers carried out this attackMicrosoft・NVIDIA・SamsungInternational hacker group and hacking big companies likeSLIP$Attention is drawn to the fact that he is a member of ‘teapotuberhacker)’ and that he is a self-proclaimed 18-year-old. In addition, teapotuberhacker is also said to have leaked the playtest video and the code of “Grand Theft Auto 6 (GTA 6)” which is in development.
Data from ‘Grand Theft Auto 6’ in development leaked by hacking, development company admits leaked data is authentic – GIGAZINE
Copy the title and URL of this article
