Uber says it’s investigating a “cybersecurity incident” amidst reviews that the corporate’s inside techniques have been breached. The alleged hacker, who claims to be an 18-year outdated, says they’ve administrator entry to firm instruments together with Amazon Internet Companies and Google Cloud Platform. The New York Instances reviews that the ride-hailing enterprise has taken a number of inside techniques, together with Slack, offline whereas it investigates the breach. The hacker seems to have made themselves recognized to Uber’s staff by posting a message on the corporate’s inside Slack system. “I announce I’m a hacker and Uber has suffered a knowledge breach,” screenshots of the message circulating on Twitter learn. The claimed hacker then listed confidential firm data they mentioned they’d accessed, and posted a hashtag saying that Uber underpays its drivers.
The Slack message from the alleged hacker was so brazen that many Uber staff seem to have initially thought it was a joke, the Washington Put up reviews. Worker responses to the put up included lighthearted emoji like sirens and popcorn, in addition to the “it’s occurring” GIF. One unnamed Uber worker advised Yuga Labs safety engineer Sam Curry that workers have been interacting with the hacker considering they have been enjoying a joke. “Sorry to be a stick within the mud, however I believe IT would admire much less memes whereas they deal with the breach,” one worker’s response learn, based on The Put up.
The hacker claimed to the NYT to be 18 years outdated, and advised The Put up that they breached Uber for enjoyable and is contemplating leaking the corporate’s supply code. In a dialog with cybersecurity researcher Corben Leo, in addition they claimed to have gained entry to Uber’s techniques by login credentials obtained from an worker through social engineering, which allowed them to entry an inside firm VPN. From there, they discovered PowerShell scripts on Uber’s intranet containing entry administration credentials that allowed them to allegedly breach Uber’s AWS and G Suite accounts. “This can be a complete compromise, from what it seems like,” Curry advised the NYT. “It looks as if perhaps they’re this child who bought into Uber and doesn’t know what to do with it, and is having the time of his life.”
https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell