Date: 2022-09-16

Uber's systems hacked; company investigates serious security flaw

Some of Uber’s main systems were reportedly hacked, and the company is now investigating what could be a serious security incident. On Thursday night (16th), a hacker reportedly took control of several company systems, including Slack, AWS, Google Workspace, HackerOne and others.

The person allegedly responsible for breaking into a series of Uber’s internal systems is reportedly an 18-year-old, who spoke to The New York Times. The hacker in question reportedly gained complete access to the company’s data.

The improper access occurred at the administrative level in Uber’s environment on Amazon Web Services, as well as in Slack, in addition to a G Suite account with 1 PB in use. The attacker reportedly also gained access to virtual machines (VMware), internal financial data, expenses and more. It is possible that user and driver data have been compromised.

On Telegram and on social media, screenshots from Slack and other areas of the company were shared with jokes and warnings that Uber was hacked. It is still unclear what, in fact, was compromised, and Uber has not meaningfully commented on the case. However, if confirmed, this could be one of the most severe intrusions ever suffered by the company (and at different levels).

How Uber was hacked

The attacker, with access to the HackerOne account, reportedly posted updates to the bug bounty page bragging about access to Uber’s systems. If confirmed, he may also have been able to access the company’s security vulnerability reports.

According to the information, also shared by security researchers, the attacker reportedly tricked an employee using phishing techniques via text messages, and then gained access to an Uber VPN. He then reportedly found a PowerShell script containing credentials for an admin user, and these were used to break into systems.
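A defender's check for the exposure described above, an admin credential embedded in a PowerShell script, as an added example that is not part of the original article: a Python scanner that flags hard-coded secrets in PowerShell files and redacts them in its report. The rule names, patterns and sample script are assumptions constructed for illustration.

```python
import codecs
import re
from pathlib import Path

# Quoted literal: single-quoted, or double-quoted without "$" (no interpolation).
LITERAL = r"""(?:'[^']{4,}'|"[^"$]{4,}")"""

# Heuristic rules chosen for this example; not an exhaustive rule set.
RULES = [
    ("plaintext-securestring", re.compile(
        r"ConvertTo-SecureString\b(?=.*-AsPlainText\b).*?(" + LITERAL + ")", re.I)),
    ("secret-variable-literal", re.compile(
        r"\$\w*(?:passw(?:or)?d|pwd|secret|token|apikey)\w*\s*=\s*(" + LITERAL + ")", re.I)),
]

def scan_text(text):
    """Return (line_no, rule, redacted_line) for each suspected embedded secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES:
            m = rx.search(line)
            if m:
                # Redact the literal so the report does not leak the secret again.
                redacted = line[:m.start(1)] + "'<redacted>'" + line[m.end(1):]
                findings.append((line_no, rule, redacted.strip()))
                break
    return findings

def read_script(path):
    """Decode a script; Windows editors often save PowerShell as UTF-16 with a BOM."""
    raw = Path(path).read_bytes()
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def scan_tree(root):
    """Scan .ps1/.psm1/.psd1 files under root; returns {path: findings}."""
    files = [p for p in Path(root).rglob("*.ps*1") if p.is_file()]
    results = {str(p): scan_text(read_script(p)) for p in files}
    return {path: found for path, found in results.items() if found}

# Constructed sample input (not taken from the incident).
SAMPLE = '''\
$AdminPassword = "Winter2022!"
$sec = ConvertTo-SecureString 'Sup3r-S3cret!' -AsPlainText -Force
$prompted = Read-Host -AsSecureString "Password"
$token = $env:API_TOKEN
'''
```

Running `scan_tree` over file shares and repositories reachable from the VPN shows which scripts need their credentials rotated and moved into a secrets manager.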

According to The New York Times, employees were told to stop using the company’s Slack shortly after the hacker’s allegations, and other corporate systems were shut down as a security measure. However, information circulated that employees believed it was some kind of joke and continued to send messages with jokes.

