Uber said Thursday that he contacted law enforcement after a hacker apparently broke into his network. A security engineer said the intruder provided evidence of gaining access to critical systems of the chauffeur-driven car rental service.
There was no indication that Uber’s vehicle fleet or operations were affected by the incident.
“It seems like they’ve compromised a lot of things,” said Sam Curry, an engineer at Yuga Labs who contacted the insider. That includes full access to their cloud environments at Amazon and Google where Uber stores its source code and customer data. , he added.
Curry spoke with several Uber employees who said they were “working to lock down everything internally” to restrict hacker access, including the San Francisco firm’s internal Slack messaging network.
There was no indication that the hacker had caused damage or had an interest in anything other than publicity, Curry said. “My gut feeling is that it looks like they were trying to get as much attention as possible,” he added.
The intruder alerted Curry and other security researchers at his operation Thursday night through an internal Uber account to comment on vulnerabilities the group had previously identified in the firm’s network through its bug-finding program. bugs and bounties, which pays ethical hackers to detect weaknesses in the system.
The insider provided the address of a Telegram account, and Curry and other investigators contacted him separately, sharing screenshots of various pages of Uber’s cloud service providers to prove his entry.
The Associated Press tried to contact the hacker through the same Telegram account but received no response.
The New York Times reported that the person who claimed responsibility for the attack said he gained access using social engineering: an Uber worker was sent a text message pretending to be a technical employee of the firm and was convinced to give an access password. To the system.
According to the newspaper, the hacker was 18 years old and initiated the action due to the weak security of the firm.
In an email, Uber explained that it was “responding to a cybersecurity incident. We are in contact with the authorities.”