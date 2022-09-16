ContributorsPublishersAdvertisers
Public Safety

Uber confirms it was hit by major cyberattack

By Sead Fadilpašić
TechRadar
TechRadar
 3 days ago
https://img.particlenews.com/image.php?url=4W3aKU_0hy0nTV100
(Image credit: Uber)

Taxi giant Uber has suffered a major cyberattack in which threat actors accessed many of the company’s critical IT systems, applications, endpoints (opens in new tab), and sensitive data.

The attack, which has since been confirmed by Uber, appears to be the work of a threat actor managed to steal login credentials from a company employee.

The New York Times, which broke the news, said it had spoken to the alleged hacker, who claimed to have breached Uber after performing a social engineering attack on an employee and stealing passwords.

Stealing vulnerability reports

"We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available," Uber confirmed via its support Twitter account (opens in new tab).

It's not known if any viruses or malware were used, but using the stolen credentials, the attackers were able to gain access to a treasure trove of sensitive data, including internal systems, email dashboard, Slack server, security software, Windows domain, Amazon Web Services console, VMware ESXi virtual machines, and the Google Workspace email admin dashboard.

While all of this data is valuable, the attackers may have hit the jackpot with vulnerability reports.

A source told BleepingComputer the threat actor “downloaded all vulnerability reports” before losing access to Uber’s bug bounty program. In other words, the hackers obtained all of the information regarding bugs and flaws that Uber might be having/fixing at the moment.

Uber runs a bug bounty program via HackerOne, allowing security researchers to share their findings on Uber’s software bugs and vulnerabilities, in private, and get paid for it. This program has since been disabled by HackerOne, but it might just be a little too late.

This is not the first time Uber has faced a major data incident. Earlier in 2022, the company admitted to covering up a major data breach that took place in 2016. That data breach resulted in user data making its way online, and with a couple of executives trying to cover the whole thing up.

Uber’s confession came as part of a settlement that saw it avoid criminal prosecution from the U.S. Department of Justice.

Via: BleepingComputer (opens in new tab)

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Comments / 0

Related
TechRadar

Microsoft just fixed a whole load of serious security flaws, so patch now

September’s Patch Tuesday is upon us, giving Microsoft the opportunity to fix, among other things, two zero-day vulnerabilities being actively exploited in the wild. As per the company’s security advisory, the two flaws are tracked as CVE-2022-37969, and CVE-2022-23960. The former is a Windows Common Log File System Driver Elevation of Privilege Vulnerability, and it allows for remote code execution. It holds a severity score of 7.8.
SOFTWARE
TechRadar

A huge number of Windows servers are lacking proper security protection

Roughly one in every five Windows servers (opens in new tab) is missing endpoint protection, meaning organizations of all sizes are risking various cybersecurity incidents, including ransomware. A report from Sevco Security, which analyzed data coming in from more than 500,000 IT assets, found that not only are businesses not...
SOFTWARE
CBS LA

Uber dealing with "cybersecurity incident" after hacker appears to breach system

Uber said Thursday that it reached out to law enforcement after a hacker apparently breached its network. A security engineer said the intruder had provided evidence of obtaining access to crucial cloud systems at the ride-hailing service. Uber tweeted Thursday night that it was "currently responding to a cybersecurity incident. We are in touch with law enforcement." It said it would provide updates on its Uber Comms twitter feed. When reached by CBS News, an Uber spokesperson declined to provide any details. There was no indication that Uber's fleet of vehicles or its operation was in any way affected.  "It seems like...
PUBLIC SAFETY
IN THIS ARTICLE
#Cyberattack#Data Breaches#The New York Times#Amazon Web Services#Google Workspace
YOU MAY ALSO LIKE
NewsBreak
AWS
NewsBreak
Data Security
NewsBreak
Public Safety
NewsBreak
Uber
NewsBreak
Amazon
TechRadar

FBI warns hackers are stealing healthcare payments

Hackers are stealing healthcare payments, by diverting them to bank accounts under their control, the FBI is warning. The Bureau was forced to issue a warning after more than $4.6 million was stolen in three separate incidents where criminals would send out phishing emails, or reach out to people working at payment processors and financial departments, pretending to be support center employees.
PUBLIC SAFETY
Daily Mail

American vs Delta vs United: From 'bizarre food' to 'well-designed' seats, travel experts test the business class cabins of the three biggest U.S airlines on flights from Heathrow to New York

They're America's three biggest airlines and all offer services between London and New York, the biggest money-spinning airline corridor in the world. But how are American Airlines, Delta and United ensuring they reel in the big business-class bucks for this route?. Travel experts from The Points Guy UK (TPG UK)...
INDUSTRY
US News and World Report

Uber Says Lapsus$-Linked Hacker Responsible for Breach

(Reuters) -Uber Technologies Inc said on Monday a hacker affiliated with the Lapsus$ hacking group was responsible for a cyber attack that forced the ride-hailing company to shut several internal communications temporarily last week. Uber said the attacker had not accessed any user accounts and the databases that store sensitive...
BUSINESS
shefinds

Apple Experts Agree: 3 Pre-Installed Apps You Should Delete If You Want A Faster iPhone

Why has your iPhone slowed down so much, you may be wondering. The answer could include a combination of factors like your phone’s age, the age of your battery, your charging habits, and the number of apps you have downloaded. But, maybe even more important than the number of apps you have is the TYPE of app you’re using most. Each app is different in terms of the amount of battery power it consumes and how much storage it takes up on your device — both of these factors contribute to a slower phone. Apple experts agree: it’s a smart idea to delete these three pre-installed apps if you want a faster phone. Here’s what you need to know about them.
CELL PHONES
TechRadar

Another record-breaking DDoS attack has been stopped

Someone seems hell-bent on denying the service of a specific company in Eastern Europe, and is carrying out some huge Distributed Denial of Service (DDoS) attacks to do so. After executing (and failing) the largest-ever DDoS attack ever seen in July 2022, the same group has returned with an even bigger assault, Akamai has reported.
PUBLIC SAFETY
TechRadar

Microsoft Azure is taking its cloud into space

Microsoft’s plans to extend its cloud operations into space are well underway, with the company having recently announced some new progression on its extra-terrestrial mission. The latest announcement (opens in new tab) includes a preview of Azure Orbital Cloud Access, which the company says serves as a “step toward...
ECONOMY
TechRadar

TechRadar

47K+
Followers
45K+
Post
6M+
Views
ABOUT

Its mix of genuine and reliable advice alongside entertaining and fun to read editorial content is why millions of people trust TechRadar to give them tech advice on everything from the latest smartphone releases to the best in digital cameras.

 http://www.techradar.com

Comments / 0

Community Policy