By: Leonardo Neri
A young hacker ended up invading Uber's private system in September, sending a note to the Messaging Service (Corporate Slack) vehemently announcing the invasion.
Initially, the startup's employees thought of the message as a test by managers to understand the form of action, as it was also understood as a joke among some employees. The message itself was released via print (screen copy) by the renowned Washington Post newspaper in which it said: “I hereby announce that I am a hacker and that Uber has suffered a data breach.”
It turns out that the incident, which was in fact real, ended up exposing the application's security, email and confidential communication methods.
During the unauthorized access, the cybercriminal exposed to the public screenshots of the entire system, AWS Company account, VMware ESXi virtual machines and Google Workspace email conglomerates. However, the hacker claimed that the material was released exclusively due to security concerns.
As a result, Uber had no alternative but to temporarily deactivate some of its internal services, in addition to reporting the criminal activity to the authorities.
Furthermore, it is worth noting that, although Uber's internal resources were invaded, the application itself was not hacked, so user data was not affected, and therefore there is no evidence that it was compromised.
Unfortunately, access to the group's security gave the hacker access to the company's source code, generating internal uproar due to the fact that, in the future, hackers could easily access Uber's security system, which would consequently give them easier access and allow them to disclose prohibited material to the general public.
The hacker also contacted the New York Times to report the form of the hack. The hacker initially sent a message to an Uber employee claiming to be part of the technical support team, in order to trick the employee into providing her private access password. In a statement, the hacker stated that the sole purpose of the access was to prove the company's weak security. However, there are rumors that the hack occurred as a form of protest due to the low pay of employees.
Finally, it is important to note that this was not the first time that Uber had suffered a cyber attack. In 2016, the system was hacked and data on more than 57 million people was leaked, including names, emails, phone numbers and other information, in addition to information on 600,000 drivers registered in the United States.
Source: https://www.uol.com.br/tilt/noticias/redacao/2022/09/16/uber-e-hackeado-e-funcionarios-acharam-que-aviso-do-invasor-era-piada.htm