Thursday, October 6, 2022

Uber hacks past and present hang over ex-security chief’s trial

(Bloomberg) — Uber Technologies Inc. is embroiled in another cybersecurity debacle just as the ride-hailing giant is trying to move forward after a 2016 data breach.

On Thursday, a hacker co-opted an Uber employee’s Slack account and gained access to some of the company’s Amazon and Google-hosted cloud infrastructure. The San Francisco-based company, which confirmed the hack, is still struggling to evaluate the extent of the damage.

The latest breach comes as Chief Executive Officer Dara Khosrowshahi testifies Friday at the trial of Uber’s former security chief, Joe Sullivan, who faces criminal obstruction charges over his role in the company’s response to a hack six years ago that exposed millions of rider names, emails and phone numbers, as well as hundreds of thousands of driver’s license numbers. Uber didn’t disclose the breach until a year later, saying it paid the hackers $100,000.

In both cases, outsiders gained access to Uber’s account with HackerOne Inc. Uber uses its HackerOne account to receive vulnerability reports from ethical hackers in exchange for a payment, or “bounty”. Despite these obvious similarities, multiple cybersecurity experts told Bloomberg they did not believe the breach revealed Thursday was related to the pending lawsuit.

“The trial seems to be a red herring and nothing to do with each other,” said Corben Leo, a security researcher and chief marketing officer at Zellic, a blockchain security firm. “This hacker wants what 99% of young, immature hackers want: money and fame.”

The breadth and depth of the intruder’s access are still unknown. “And that’s exactly why it’s terrifying,” Leo said. “The hacker clearly gained access to files related to the bounty program. What’s worse is that the hacker had access to Uber’s AWS environment, which most likely contained customer data.”

The company, which said on Twitter that it had contacted police, has frozen some internal systems, including Slack communications, as it investigates the hacker’s claims.

In a Friday afternoon blog post, Uber said it has “no evidence that the incident involved access to sensitive user data (such as travel history).” All of Uber’s taxi, food delivery and freight services are operational, it said, adding that internal software tools that were taken down yesterday as a precaution are coming back online today.

“Regardless of the outcome of the trial, the ability for an individual to gain the level of apparent access they had through known social engineering techniques that gave them access to a company’s internal VPN is alarming,” says Danielle Jablanski, OT cybersecurity strategist at Nozomi Networks.
