Uber said Thursday that it reached out to law enforcement after a hacker apparently breached its network. A security engineer said the intruder provided evidence of obtaining access to crucial systems at the ride-hailing service.
There was no indication that Uber’s fleet of vehicles or its operation was in any way affected.
“It looks like they’ve compromised quite a lot of stuff,” said Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That includes full access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.
Curry said he spoke to several Uber employees who said they were “working to lock down everything internally” to restrict the hacker’s access. That included the San Francisco company’s Slack internal messaging network, he said.
He said there was no indication that the hacker had done any damage or was interested in anything more than publicity. “My gut feeling is that it looks like they’re out to get as much attention as possible.”
UBER HACKER ALERTED SECURITY
The hacker had alerted Curry and other security researchers to the intrusion on Thursday evening by using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network through its bug-bounty program, which pays ethical hackers to ferret out network weaknesses.
The hacker provided a Telegram account address, and Curry and other researchers then engaged them in a separate conversation, sharing screenshots of various pages from Uber’s cloud providers to prove they broke in.
The Associated Press attempted to contact the hacker at the Telegram account where Curry and the other researchers chatted with them. But no one responded.
The New York Times reported that the person who claimed responsibility for the hack said they gained access through social engineering: They sent a text message to an Uber worker claiming to be a company tech employee and persuaded the worker to hand over a password that gave them access to the network.
The Times said the hacker reported being 18 years old and said they broke in because the company had weak security.
One screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user through social engineering.
Social engineering is a popular hacking method, as humans tend to be the weakest link in any network. Teenagers used a similar ploy in 2020 to hack Twitter.
UBER RESPONDING TO ‘CYBERSECURITY INCIDENT’
Uber said via email that it was “at present responding to a cybersecurity incident. We’re in contact with law enforcement.” It said it would provide updates on its Uber Comms Twitter feed.
The company has been hacked before.
Its former chief security officer, Joseph Sullivan, is currently on trial on allegations he arranged to pay hackers $100,000 to cover up a 2016 high-tech heist in which the personal information of about 57 million customers and drivers was stolen.