The young hacker, for understandable reasons, does not want to reveal his identity, because he is aware that his actions are outside the law. However, he bragged to the New York Times that he gained access to many of Uber’s internal systems.
–
Presumably, he should have been able to obtain a series of sensitive data. However, it is currently unclear whether the data of users using the service is also at risk. Uber operates in dozens of countries, including the Czech Republic. Around 118 million people are actively using it.
–
A security engineer at Yuka Labs pointed out that this is a “huge security problem” according to published data. According to him, the hacker would have had access to Uber’s complete electronic systems.
–
Someone hacked an Uber employee HackerOne account and is commenting on all tickets. They probably have access to all Uber HackerOne reports. pic.twitter.com/00j8V3kcoE
– Sam Curry (@samwcyo) September 16, 2022
–
Uber did not disclose the details
Until now, the technology platform for transporting people has been limited to stoic and silent expressions. “We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post further updates as they become available, “the company said on Twitter.
–
However, the company immediately shut down the internal Slack communicator and a number of other systems that were obviously affected by the attack.
–
According to the New York Times, the company no longer disclosed anything to the employees themselves. “At the moment, we cannot estimate when full access to all tools in use will be restored. Thank you for your patience,” Latha Maripuri, director of information security, wrote in an internal communication to employees.
–
We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post further updates here as they become available.
– Uber Comms (@Uber_Comms) September 16, 2022
–
Security and copyright
Uber itself learned of the attack only on Thursday, when the same hacker contacted him. He sent screenshots of email, cloud storage, and a software repository containing the service’s source code.
–
The next day, the young man revealed to the New York Times that he had managed to lure data from a company employee with the help of social engineering. Then a trusted employee served him his logins like on a plate of gold, which is why the attacker got access to the company data.
–
According to the 9to5Mac server, the young man had two motives for breaking into a foreign computer system. On the one hand, he wanted to draw attention to the weak security of the entire platform, and on the other hand, Uber wants to push for better pay for male and female drivers. However, he did not disclose whether he is determined to publish the stolen data if the platforms don’t raise their rates.
Hackers stole the data of 57 million Uber customers and drivers
Safety
–
