House › Cyberwarfare
Uber Confirms Hacker Accessed Inside Instruments, Bug Bounty Dashboard
By Ryan Naraine on September 19, 2022
Trip-hailing big Uber is transferring rapidly to downplay the influence from a devastating safety breach that included the theft of worker credentials, entry to the HackerOne bug bounty dashboard and knowledge from an inside invoicing instrument.
In a notice printed Monday, Uber confirmed that an exterior contractor had their account compromised by an attacker who used that entry to raise permissions on Google GSuite and the Slack communications platforms.
Uber acknowledged that the attacker had entry to a number of inside instruments however insisted that public-facing programs that deal with bank cards, checking account info or ride-share journey historical past remained protected.
From Uber’s newest breach replace:
“Initially, we’ve not seen that the attacker accessed the manufacturing (i.e. public-facing) programs that energy our apps; any person accounts; or the databases we use to retailer delicate person info, like bank card numbers, person checking account information, or journey historical past. We additionally encrypt bank card info and private well being knowledge, providing an extra layer of safety.
We reviewed our codebase and haven’t discovered that the attacker made any modifications. We additionally haven’t discovered that the attacker accessed any buyer or person knowledge saved by our cloud suppliers (e.g. AWS S3).”
[ READ: Uber Investigating Data Breach After Hacker Claims Extensive Compromise ]
The corporate stated the attacker efficiently downloaded inside Slack messages and knowledge from an inside instrument our finance crew makes use of to handle some invoices. “We’re presently analyzing these downloads,” Uber stated.
Extra ominously, Uber stated the attacker was capable of entry its bug bounty dashboard at HackerOne, suggesting the publicity of information on safety vulnerabilities. “Nevertheless, any bug reviews the attacker was capable of entry have been remediated,” the corporate stated.
“All through, we have been capable of hold all of our public-facing Uber, Uber Eats, and Uber Freight providers operational and operating easily. As a result of we took down some inside instruments, buyer help operations have been minimally impacted and at the moment are again to regular.”
[ READ: The Chaos (and Cost) of the Lapsus$ Hacking Carnage ]
Uber stated it believes the attacker bought the contractor’s Uber company password on the darkish internet, after the contractor’s private machine had been contaminated with malware, exposing these credentials.
“The attacker then repeatedly tried to log in to the contractor’s Uber account. Every time, the contractor obtained a two-factor login approval request, which initially blocked entry. Ultimately, nevertheless, the contractor accepted one, and the attacker efficiently logged in.
From there, the attacker accessed a number of different worker accounts which finally gave the attacker elevated permissions to numerous instruments, together with G-Suite and Slack,” Uber defined.
The attacker then posted a message to a company-wide Slack channel, which lots of you noticed, and reconfigured Uber’s OpenDNS to show a graphic picture to staff on some inside websites.
The corporate stated it believes the infamous Lapsus$ hacking gang is behind the compromise.
Associated: Uber Investigating Knowledge Breach After Hacker Claims Intensive Compromise
Associated: Twilio, Cloudflare Attacked in Marketing campaign That Hit Over 130 Organizations
Associated: Okta Says Buyer Knowledge Compromised in Twilio Hack
Get the Each day Briefing
- Most Current
- Most Learn
- Uber Confirms Hacker Accessed Inside Instruments, Bug Bounty Dashboard
- Rockstar Video games Confirms Breach Resulting in GTA 6 Leak
- Eyeglass Reflections Can Leak Info Throughout Video Calls
- Free Decryptor Obtainable for LockerGoga Ransomware Victims
- LastPass Discovered No Code Injection Makes an attempt Following August Knowledge Breach
- GTA 6 Movies and Supply Code Stolen in Rockstar Video games Hack
- Severe Breach at Uber Spotlights Hacker Social Deception
- SOC Infrastructure Agency Cyrebro Raises $40 Million
- Water Tank Administration System Used Worldwide Has Unpatched Safety Gap
- Recreation Acceleration Module Vulnerability Exposes Netgear Routers to Assaults
In search of Malware in All of the Incorrect Locations?
First Step For The Web’s subsequent 25 years: Including Safety to the DNS
Tattle Story: What Your Laptop Says About You
Be in a Place to Act Via Cyber Situational Consciousness
Report Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant
2010, A Nice 12 months To Be a Scammer.
Do not Let DNS be Your Single Level of Failure
Easy methods to Determine Malware in a Blink
Defining and Debating Cyber Warfare
The 5 A’s that Make Cybercrime so Enticing
Easy methods to Defend Towards DDoS Assaults
Safety Budgets Not in Line with Threats
Anycast – Three Causes Why Your DNS Community Ought to Use It
The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering Organizations
Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise