Uber hack update!
Last week, big tech ridesharing company Uber reportedly had their systems hacked by an anonymous hacker. While it is unsure if the hack resulted in malicious damage, or if any severe data was erased or stolen by this breach; one thing that is sure is the need for Uber to reinvent its Cybersecurity systems.
According to Uber, the breach was done by a teenage hacking group called Lapsus$. The group is said to have been responsible for a couple of high-profile hacks in the past year from Microsoft to Samsung, and NVIDIA.
Rockstar Games also fell victim; the teenage group leaked gameplay footage of their highly expected game Grand Theft Auto 6. Close to 90 clips of the game’s gameplay were released online and Rockstar Games confirmed later that the clips were authentic and legit.
Anyway, Uber has said that there’s no evidence that user data has been compromised. This means that Uber users can be assured that their data is still untouched. Uber’s explanation for how the hack happened was that a contractor’s account was compromised. The contractor’s Uber password was accessed using malware that was installed on the contractor’s device. The contractor began receiving two-factor authentication login approval requests each time the unauthorized user tried to sign into their account, unfortunately the contractor accepted one of those login attempts and the hackers slipped through.
According to Uber, the hackers were able to access other employee accounts, including those with permission to internal tools like Slack and G-Suite. Uber also confirmed the authenticity of the screenshots which were being passed around on social media last week showing the attacker’s Slack message announcing the hack .
They confirmed that a “graphic image” was shown to employees when they tried to access internal company web pages after the hacker “reconfigured Uber’s OpenDNS.” Uber says the hacker was able to access and download internal messages on the company Slack. The hacker was also able to access the company’s HackerOne dashboard where security researchers report bugs.
From the look of things, with all the information Uber has given about the breach, it seems to be a very comprehensive hack. According to the hackers, Uber’s cybersecurity was just too weak.
#GeekWorld is a segment for nerdy discussions and regular tech updates. This edition looks at Uber getting hacked by an anonymous teenage hacking group.
