Popular Science headline: Hacker gains ‘full access’ to Uber’s networks using one of oldest tricks in the book
Sub-headline: A still unidentified person conned an Uber employee into handing over a vital security password.
BY ANDREW PAUL | PUBLISHED SEP 16, 2022 1:00 PM
https://www.popsci.com/technology/ubers-hacker-password-scam…
Uber announced yesterday that it had taken many of its internal communications channels and engineering systems offline after an anonymous individual gained access to scores of secure data that purportedly includes emails, cloud storage, and coding repositories. The still unknown person claiming responsibility has since provided screenshots of their work as proof to both The New York Times and a security engineer at Yuga Labs. The screenshots revealed that they gained their stunningly comprehensive and potentially devastating entry into Uber’s inner workings using one of the simplest, oldest tricks in the book: Simply put, they duped an Uber employee into giving them their password.
The more official term used in the cybersecurity world is “social engineering,” which LSU’s IT Security and Policy Office defines as whenever bad actors use “human interaction (social skills) to obtain or compromise information about an organization or its computer systems.” In this case, The NY Times reports, the individual sent a text message to an Uber employee claiming to be an IT officer, and was able to persuade them into handing over their password.
From there, they gained entry into Uber’s systems and took over a worker’s Slack profile to post the (admirably) straightforward update: “I announce I am a hacker and Uber has suffered a data breach.” They then went on to argue that Uber drivers should receive higher pay. The NY Times also notes the hacker gained access to even more systems from there, and went so far as to post an “explicit photo” on an internal employee information page.
$UBER Daily chart
$UBER weekly chart
$UBER monthly chart