Ride-share company Uber has brought startling news to customers in which it confirmed the hacking of its internal system and the company’s account of multiple third-party systems.
In a report, the New York Times mentioned that Uber was investigating the compromise of its internal system. They have tried to arrange meetings with their engineers in offline mode. As many of their employees have confirmed the access of slack accounts of Uber employees to hackers that is a thing to worry for them.
This whole series of events has shaken the whole Uber to its core. Uber confirmed this hacking. Several security researchers have confirmed the contact access with hackers.
“We are currently responding to a cyber security incident. We are in touch with law enforcement and will post additional updates here as they become available,” Uber’s communications team wrote on Twitter.
The extent of compromise done by hackers is known yet but the screenshot posted by the actor, indicate they have access to Uber’s administrative account on third-party services.
“We’re in close contact with Uber’s security team, have locked their data down, and will continue to assist with their investigation,” said Chris Evans, CISO for HackerOne.
Corben Leo, a security researcher, and chief marketing officer at Zellic, told SC Media that he learned directly from the hacker that the individual phished an Uber employee to gain access to Uber’s corporate VPN. From there, they were able to scan Uber’s internal corporate network, where they found administrative user credentials for Uber’s Thycotic account, a privileged access management system, through a shared network resource.
“Using this they were able to access Uber’s AWS environment, GSuite, Duo (can thus bypass 2FA for anything), OneLogin, get Domain Admin, etc.,” Corben said through a Twitter direct message.
Leo told SC Media that he had not tried after that to make any contact with hackers.
