Uber confirmed on Thursday, September 15th, 2022 that it was investigating a possible data breach after a hacker claimed that they had compromised Ubers internal & external networks. A message posted on Ubers internal communications system by an anonymous hacker told employees “I announce I am a hacker and Uber has suffered a data breach.”
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.— Uber Comms (@Uber_Comms) September 16, 2022
According to an article from the New York Times, an unidentified hacker successfully used WhatsApp and a fake Uber site to trick an Uber employee into giving out their username and password to the Uber system. The hacker managed to get ahold of an Uber employees WhatsApp number and pretended to be a corporate IT person, asking the employee to log into a fake Uber site via a direct link. Once the Uber employee logged into the fake site, the individual then captured the credentials in real time and used those credentials to log into the real Uber site as well as create their own two factor authenticator so they would have permanent access.
After gaining access to the internal Uber system the individual then scanned the system and found a powershell script that contained the username and password for an admin user account, using those credentials they alleged they were able to gain access to all Uber services, DA, DUO, OneLogin, ASW & GSuite.
This also gained the user access to internal messaging tools such as Slack, which was used to post a message that Uber had been compromised and that drivers should have higher pay. This caused Uber to suspend the use of all internal tools until they they could investigate further.
It hasn’t been confirmed by Uber exactly what access the individual had in the system or that any critical data was compromised, but it appears a person claiming responsibility for the hack sent images of emails, cloud storage details and code respositories to cybersecurity researchers and The New York Times. A quick search on Twitter for Uber hack and it was easy to see these images as well. The individual responsible told the Times that he broke into Uber’s system because the company had weak security.
So what should you do?
This is a nightmare for everyone, not just Uber but also Uber customers, drivers and restaurants. If the hack was true and the information was accessed and the hacker had access to the Uber databases your email, phone number, address or whole Uber accounts could have been compromised as well.
The best thing to do anytime you hear about a company getting hacked is to change all your passwords that are the same as the one you use with that company and enable 2-step verification if the system allows for it. Keep an eye on your credit reports, credit cards and bank accounts for any suspicious activity. Never give out your passwords over the phone, via text or email. If you get an email from a company that ask you to log into their site & you did not try to log in already, make sure you go to that companies site by directly typing the URL into a browser instead of clicking links in the email.