Uber Falls for a Teen’s Hack! The Whole Internet is Laughing at This Joke
A teen hacked Uber and announced it on the company Slack, and employees thought it was a joke!
Artificial intelligence is all the rage now. As we are living in a technology-driven world, every day we come across something dangerous and exciting on the internet. A teen hacked Uber and announced it on the company Slack, and then it became trending news!
An 18-year-old hacker has taken responsibility for hacking Uber, and the details do not look good for the rideshare company. This Thursday night, Uber announced that it had experienced a “cybersecurity incident” and that it was working with law enforcement on the issue. A report in the New York Times described the “incident” as a data breach that took many of Uber’s internal systems offline. As many more details have trickled out from Uber employees, we now have a much clearer picture of what happened.
So, how did it go down? An 18-year-old hacker used basic social engineering techniques to target an Uber employee. The hacker told the New York Times that he simply posed as an IT employee from corporate in a text message and convinced the employee to forward a password that gave him access. “This is just another example of what attack after attack has exhibited: social engineering is the predominant way that big tech falls victim to breaches, and adversaries know it works,” stated Josh Yavor, chief information security officer for the cloud security company Tessian, in a statement to Mashable. “We keep seeing the same tactics play out regardless of the adversary or victim: adversaries know that people can be tricked into giving up their passwords.”
On top of the simplicity of the hack, there’s one more incredible facet to this breach: Uber did not realize it had been hacked until the teen hacker announced himself on the company’s Slack channel. “Hi @here,” the hacker’s message started. “I announce I am a hacker and uber has suffered a data breach.” The hacker went on to list some of the company’s internal systems that were compromised, such as Slack, and ended his message by calling out Uber for underpaying its drivers. At first, Uber employees thought it was a joke. Sam Curry, a staff engineer at Yuga Labs, the company behind the Bored Ape Yacht Club NFT project, shared additional information about the hack, which he said he got from a trusted source at Uber. According to Curry’s source, Uber’s domain admin, Amazon Web Services admin, and GSuite were among the company accounts that were compromised. Screenshots, allegedly from the hacker, quickly spread showing his access to these services.
“Anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message ‘F*** you wankers,’” said Curry’s Uber source. Uber also quickly alerted its employees to stay away from Slack, but according to Curry’s source, many people in the company kept logging back on to check out everyone’s joke responses. In its report on the hack, The Verge spotlighted a Twitter thread from security researcher Corben Leo, who went into technical detail about how the hacker managed to get access to so many internal systems. Basically, once the worker sent his password to the teen, the young hacker was able to access the company VPN, scan the intranet, and find PowerShell scripts containing credentials for multiple services.
“Getting access to private data inside VPNs needs to be hard and behind uncompromising protections,” said Jack Moore, global cyber security advisor at cybersecurity company ESET, to Mashable. “Utilising a simple SMS as a vehicle to hack into their systems now confronts Uber with a lot of questions about how much data was compromised with such an easy method.” Moore added that the attack should “highlight again the importance of training staff to remain eagle-eyed and with the keen sense to spot targeted phishing attempts and double-check before handing over any sort of credentials.”
This is not the first time Uber has faced a hack. Back in 2016, a 20-year-old was behind a security breach that affected 57 million Uber customers around the world. This time around, however, Uber said that sensitive user data wasn’t compromised.