Uber “Currently Responding To A Cybersecurity Incident” While The 18-Year Old Hacker Openly Discusses How He Did It

Uber Technologies, Inc. (NYSE: UBER) said on Friday that it is “currently responding to a cybersecurity incident” after it was reported that a hacker infiltrated the company’s internal network.

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.

— Uber Comms (@Uber_Comms) September 16, 2022

To add salt to the proverbial digital wound, the hacker–reportedly an 18-year old–himself announced the hack to Uber employees via compromising the Slack account of one of them to send the message.

“I announce I am a hacker and Uber has suffered a data breach,” the message read.

Furthermore, the hacker is openly discussing how they achieved the feat, as screenshots of the conversation with the attacker would suggest.

This story is still developing and these are some extreme claims, but there does appear to be evidence to support it. The attacker shared several screenshots of Uber's internal environment, including their GDrive, VCenter, sales metrics, Slack, and even their EDR portal. 8/N pic.twitter.com/bmOMJiUCuy

— Bill Demirkapi (@BillDemirkapi) September 16, 2022

The fact that the attackers appear to have compromised an IR team member's account is worrisome. EDRs can bake in "backdoors" for IR, such as allowing IR teams to "shell into" employee machines (if enabled), potentially widening the attacker's access. 10/N https://t.co/9PJU53FfF8 pic.twitter.com/F5LlpG9Ogr

— Bill Demirkapi (@BillDemirkapi) September 16, 2022

The attack seems to be straightforward: the hacker was able to get around an Uber employee’s login credentials after circumventing the company’s multi-factor authentication process. From there, the hacker continued to use the identity and existing VPM of that employee to pivot to the internal network. Fortunately for the hacker, the access leads to scripts with privileged credentials.

Through this, the hacker relayed that it allowed access to Uber’s Duo, OneLogin, AWS, and Gsuite networks.

An 18 yr old hacked Uber through social engineering an employee's password. Reportedly gained access to Uber source code, email, HackerOne bug reports, AWS admin, G Suite admin, and domain admin.

Train your teams about social engineering.https://t.co/pooTEVP69Y

— CZ 🔶 Binance (@cz_binance) September 16, 2022

Following the report on the hack, the ride-hailing platform immediately took its internal communications and engineering systems offline.

Uber last traded at US$31.23 on the NYSE.

---

Information for this briefing was found via CTV News and the sources mentioned. The author has no securities or affiliations related to this organization. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.