Uber is investigating a hacking incident after a hacker compromised its network, forcing the company to take several of its internal communications and engineering systems offline.
According to a report by The New York Times, the hacking incident was reported on Thursday. The hacker is said to have gained access to an employee’s account on the workplace messaging app Slack and used it to send a message to Uber employees, cybersecurity researchers and even The New York Times announcing that the company had suffered a data breach.
The hacker told The New York Times that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker, according to the Times, was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering.
He also provided screenshots of internal Uber systems to demonstrate his access, saying that he was 18 years old and had been working on his cybersecurity skills for several years. He said he had broken into Uber’s systems because the company had weak security. In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay, the Times report added.
The Slack system was taken offline on Thursday afternoon by Uber after employees received the message from the hacker, the Times reports.
Uber has admitted the breach, saying: “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”
Samantha Humphries, Head of Security Strategy EMEA at Exabeam, notes: “This coordinated social engineering attack – on such a large and established organisation – is sadly not the surprise that it may have been a few years ago. What seems to be clear at this stage is it’s a credentials-based attack – malicious use of an employee’s legitimate password. This is far from rare; in fact, a 2022 report found that insider threat incidents have risen 44% over the past two years.”
Samantha says almost all of the high-profile breaches we see in the news involve attackers leveraging stolen user credentials to gain access to sensitive data. Insiders with access to privileged information represent the greatest risk to a company’s security. This kind of threat, she says, can be much harder to detect. After all, an attacker with valid credentials looks just like a regular user. This presents one of the most significant challenges for security teams.
“Whilst there are already many details being shared by the purported attacker, the wider implications of this breach are still unknown. However, for Uber’s incident responders, it is certain that they have had better days in the office, and my heart absolutely goes out to them,” Samantha says.
Arti Raman, CEO & Founder of Titaniam, said the Uber hacking incident is proof that, despite the security protocols put in place, information can be accessed using privileged credentials, allowing hackers to steal underlying data and share them with the world.
The Uber hack also demonstrates how important identity management backed by strong authentication, such as hardware security keys, is for privileged systems, and why today’s organizations need the ability to detect when attackers exploit, misuse or steal credentials. John Shier, senior security advisor at Sophos, says: “As we’ve seen in recent high-profile attacks against large organizations, persistent attackers can and will find a way around multi-factor authentication systems that rely solely on time-based one-time passwords (TOTP) or push-based authentication.”
“The need for compartmentalized access to critical resources, strong authentication and detection of identity-based activity is an important part of an organization’s layered defenses,” he adds.