A hacker announced that he had access to all of Uber’s internal services, including user databases and financial data. It was a simple phishing operation that allowed him to penetrate the systems.
When Uber employees received a message on Slack from a hacker indicating that he had hacked the service and that he had access to everything, including the databases, they first thought it was a joke. There followed a avalancheavalanche of emojis symbolizing fun. The fun didn’t last long and Slack, like many other internal tools, was temporarily disabled by Uber.
In the aftermath, the company declared on Twitter this cybersecurity incident by a message laconic. The hacker also posted numerous screenshots showing the extent of the damage. On these, we can see that he has managed to access critical internal services such as the account of Uber’s Amazon Web Services platform, the administration console, its HackerOne cybersecurity service or even data. financial orders.
A political hack
How did the hacker manage to break into the serversservers and penetrate deep into systems? Simply by a classic phishing operation. The hacker sent a SMSSMS to one of the employees pretending to be an IT manager from Uber. The victim was encouraged to give up his identifiers, it worked and that was it.
A priori, according to Washington Post, the hacker’s motivation is political. Sensitive to the treatment suffered by the company’s drivers, he would have enjoyed hacking the company. He also said he expects to release Uber’s source code within a few months. For its part, the company explains that it is supported by the police to resolve the situation and is content to deliver information in dribs and drabs on this case. This isn’t the first time Uber has been attacked. In 2016, its database of users and drivers was hacked via a vulnerability of a third-party service.
A hacker announced that he had access to all of Uber’s internal services, including user databases and financial data. It was a simple phishing operation that allowed him to penetrate the systems.
When Uber employees received a message on Slack from a hacker indicating that he had hacked the service and that he had access to everything, including the databases, they first thought it was a joke. There followed a avalancheavalanche of emojis symbolizing fun. The fun didn’t last long and Slack, like many other internal tools, was temporarily disabled by Uber.
In the aftermath, the company declared on Twitter this cybersecurity incident by a message laconic. The hacker also posted numerous screenshots showing the extent of the damage. On these, we can see that he has managed to access critical internal services such as the account of Uber’s Amazon Web Services platform, the administration console, its HackerOne cybersecurity service or even data. financial orders.
A political hack
How did the hacker manage to break into the serversservers and penetrate deep into systems? Simply by a classic phishing operation. The hacker sent a SMSSMS to one of the employees pretending to be an IT manager from Uber. The victim was encouraged to give up his identifiers, it worked and that was it.
A priori, according to Washington Post, the hacker’s motivation is political. Sensitive to the treatment suffered by the company’s drivers, he would have enjoyed hacking the company. He also said he expects to release Uber’s source code within a few months. For its part, the company explains that it is supported by the police to resolve the situation and is content to deliver information in dribs and drabs on this case. This isn’t the first time Uber has been attacked. In 2016, its database of users and drivers was hacked via a vulnerability of a third-party service.
