Uber investigates cybersecurity incident after studies of a hack

Uber stated it’s “at present responding to a cybersecurity incident” after studies {that a} hacker compromised its methods.

Rafael Henrique | Sopa Pictures | Lightrocket | Getty Pictures

Uber on Thursday stated it’s investigating a cybersecurity incident following studies that the ride-hailing firm had been hacked.

“We’re at present responding to a cybersecurity incident,” Uber stated in a press release on Twitter. “We’re in contact with regulation enforcement and can publish further updates right here as they change into accessible.”

A hacker gained management over Uber’s inside methods after compromising the Slack account of an worker, in keeping with the New York Times, which says it communicated with the attacker instantly. Slack, a office messaging service, is utilized by many tech firms and startups for on a regular basis communications.

Uber has now disabled its Slack, in keeping with a number of studies. Shares of Uber declined practically 4% in premarket buying and selling Friday.

After compromising Uber’s inside Slack in a so-called social engineering assault, the hacker then went on to entry different inside databases, the Occasions reported.

A separate report, from the Washington Post, stated the alleged attacker advised the newspaper that they had breached Uber for enjoyable and will leak the corporate’s supply code in a matter of months.

Staff initially thought the assault to be a joke and responded to Slack messages from the alleged hacker with emojis and GIFs, the Publish reported, citing two individuals conversant in the matter.

Screenshots shared on Twitter counsel the hacker additionally managed to take over Uber’s accounts with Amazon Net Companies and Google Workspace, and acquire entry to inside monetary information.

CNBC was unable to independently confirm the knowledge. Uber declined to remark past its assertion posted on Twitter.

Whereas it is not completely clear but how Uber’s methods had been compromised, cybersecurity researchers stated preliminary studies point out the hacker eschewed refined hacking strategies in favor of social engineering. That is the place criminals prey on individuals’s credulity and inexperience to achieve entry to company accounts and delicate information.

“This can be a fairly low-bar to entry assault,” stated Ian McShane, vp of technique at cybersecurity agency Arctic Wolf. “Given the entry they declare to have gained, I am shocked the attacker did not try to ransom or extort, it seems like they did it ‘for the lulz’.”

“It is proof as soon as once more that usually the weakest hyperlink in your safety defenses is the human,” McShane added.

Information of the assault comes as Uber’s former safety chief, Joe Sullivan, is standing trial over a 2016 breach during which the information of 57 million customers and drivers had been stolen. In 2017, the corporate admitted to concealing the assault and, the next yr, paid $148 million in a settlement with 50 U.S. states and Washington, D.C.

Uber has tried to scrub up its picture within the wake of the exit of Travis Kalanick in 2017, the controversial former CEO who based the corporate in 2010. However scandals and controversies from Kalanick’s tumultuous tenure proceed to hang-out the agency.

In July, The Guardian reported on the leak of hundreds of paperwork which detailed how Uber pushed into cities world wide, even when it meant breaking native legal guidelines. In a single occasion, former CEO Travis Kalanick stated that “violence ensures success” after being confronted by different executives about issues for the protection of Uber drivers despatched to a protest in France.

In response to The Guardian’s reporting on the time, Uber stated the occasions had been associated to “previous conduct” and “not in keeping with our current values.”

Source link

Similar Posts

Leave a Reply