Uber, a ride-hailing service, said there was no evidence that users’ personal information was exposed in a breach of its internal computer system discovered late Thursday. It also mentioned that it had returned all internal software tools that had been taken offline and as a safety measure alerted law enforcement.
“We have no evidence that the incident involved access to sensitive user data (like trip history). All of our services, including Uber, Uber Eats, Uber Freight and the Uber Driver app, are operational,” the company said.
A lone hacker, an 18-year-old teenager, allegedly tricked a Uber employee into supplying login information through social engineering to the victim to accept an MFA multi-factor authentication prompt that allowed the attacker to register his own device.
Inside, the attacker discovered an internal network share that contained PowerShell scripts with privileged admin credentials and gave him full access to other critical systems such as AWS, Google Cloud Platform, OneLogin, SentinelOne Incident Response Portal, and Slack. The hacker is also said to have obtained private vulnerability reports submitted via HackerOne as part of Uber’s bug bounty program.
Analysis of the downloaded artifacts recorded in the hacker’s screenshots revealed that they were logs that had been captured by the malware that had been put up for sale on the cybercriminal underground just a few days earlier.
So far, the attacker’s intentions for the breach are unknown, although a message posted by the hacker on Slack called for higher pay for Uber’s drivers.
The sources for this piece include an article in TheHackerNews.