Uber is investigating a security breach affecting all of its internal servers and systems. Today we woke up to the news that a hacker has managed to access all Uber servers in the cloud; in other words, Uber has been completely hacked. The access method seems to have been social engineering: the attacker tricked an Uber worker into handing over VPN credentials and then scanned the company's entire internal network (intranet). All your Uber data may now be in their hands.
How Uber was hacked
The first information indicates that the attacker apparently carried out a social engineering attack on an employee. Once the cybercriminal had obtained the VPN credentials, he set about scanning the entire internal network, where there were PowerShell scripts containing various administrator passwords. Using these PowerShell scripts, he was able to access all the data from Windows Active Directory services, OneLogin, Amazon Web Services and also everything the company has in G Suite.
In other words, it seems that the point of entry was the VPN service, after which the attacker scanned all the equipment and services to try to obtain more information. Uber's HackerOne account has also been affected by this hack: the attacker has obtained its credentials and is replying to all tickets stating that Uber has been completely hacked and that, logically, the HackerOne account has been hacked as well.
On its official Twitter account, Uber states that it is currently responding to this security incident and that it is in contact with the police.
Uber is working on this security incident right now, but logically the cybercriminal has already obtained a large amount of information.
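The article says the intruder found PowerShell scripts containing administrator passwords on the internal network. The following Python scanner is an added example (not from the article or from Uber) showing how a defender could audit their own script shares for that pattern; the rule set, file names, hosts and passwords are constructed for illustration.

```python
import re

# Heuristic rules for credentials embedded in PowerShell source.
# Illustrative patterns chosen for this example, not an exhaustive rule set.
RULES = {
    "plaintext-securestring": re.compile(
        r"ConvertTo-SecureString\s+(?:-String\s+)?['\"][^'\"$]+['\"].*-AsPlainText", re.I),
    "password-assignment": re.compile(
        r"\$\w*(?:pass(?:word|wd)?|pwd|secret|apikey|token)\w*\s*=\s*['\"][^'\"$]{4,}['\"]", re.I),
    "net-use-password": re.compile(
        r"\bnet\s+use\s+(?:\S+:\s+)?\\\\\S+\s+(?![/*])\S+\s+/user:", re.I),
}

def scan_script(name, text):
    """Return (file, line number, rule) per hit; the secret itself is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((name, lineno, rule))
    return findings

# Constructed sample scripts (hypothetical names, hosts and passwords).
SAMPLE_SCRIPTS = {
    "map-drive.ps1": "\n".join([
        r'net use Z: \\fileserver\ops Examp1e-Only! /user:CORP\svc-admin',
        r'Get-ChildItem Z:\reports',
    ]),
    "provision.ps1": "\n".join([
        r'$adminPassword = "Examp1e-Only!"',
        r'$sec = ConvertTo-SecureString "Examp1e-Only!" -AsPlainText -Force',
        r'$cred = Get-Credential   # prompts at run time, nothing stored',
    ]),
    "safe.ps1": "\n".join([
        r'$password = Read-Host -AsSecureString',
        r'$token = "$env:API_TOKEN"   # value comes from the environment',
    ]),
}

def scan_all(scripts):
    """Scan a {name: source} mapping and return all findings, sorted."""
    return sorted(f for name, text in scripts.items() for f in scan_script(name, text))

if __name__ == "__main__":
    for name, lineno, rule in scan_all(SAMPLE_SCRIPTS):
        print(f"{name}:{lineno}: {rule}")
```

Values read from a prompt or an environment variable are not flagged, which is the direction such scripts should be moved in once a hit is found.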
What data have they had access to?
The cybercriminal has also published screenshots of the Uber instance on AWS (Amazon Web Services), HackerOne's administration panel and much more.
Other information that has been leaked includes financial data, the information held in vSphere, Google Workspace data and much more. It is incredible that all Uber systems have been completely hacked. Once again it is shown that an employee is the weakest link in the entire chain, since the attacker used a social engineering attack to access the company's VPN.
It is very possible that all user databases, with personal information such as name, surname, email, contact details and much more, are now in the hands of the hacker. Our recommendation is always to change your passwords when a service has been hacked, but right now it is possible that the hacker is still inside the company's internal network, so it wouldn't help at all. We are seeing some internal, anonymous comments from Uber workers indicating that they have received an email from the IT department telling them to stop using Slack, because logically this corporate messaging platform may also have been compromised. It seems that many internal management websites have disappeared and simply lead to a defaced page with a porn image as a mockery.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.