Uber

Uber Technologies Inc said it was investigating a cybersecurity incident after a report of a network breach that forced the company to shut several internal ...

Cybersecurity has been an issue for Uber in the past. Register now for FREE unlimited access to Reuters.com The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber's systems, the report said. A person assumed responsibility for the hack and told the paper he had sent a text message to an Uber employee claiming to be a corporate IT person. "I announce I am a hacker and Uber has suffered a data breach," the message read, and went on to list several internal databases that were allegedly compromised, the report added. It appeared the hacker was able to gain access to other internal systems, posting an explicit photo on an internal information page for employees, the Times report added.

Uber has announced a "cyber security incident", which entailed an 18-year-old hacker infiltrating employees' Slack network.

[Considering digital trust: why zero trust needs a rethink](/considering-digital-trust-why-zero-trust-needs-rethink-123499500/) — David Mahdi, chief strategy officer and CISO advisor at Sectigo, discusses the important role of digital trust in the security strategy. [Slack](https://slack.com/) app, using it to send messages to [Uber](https://www.uber.com/) employees, stating: “I announce I am a hacker and Uber has suffered a data breach”, before listing the databases they had gained access to. “Callsign’s recent Digital Trust Index research has found with the ongoing shift to digital services, 50 per cent of consumers believe that a regulated digital identity system will become part of our daily lives within five years. [Matt Aldridge](https://www.linkedin.com/in/mattaldridge/), principal solutions consultant, BrightCloud at [OpenText Security Solutions](https://www.opentext.com/), identified two major factors in attacks like this occurring: “the exploitation of poorly trained users”; and “the carelessness to leave privileged credentials on a network share”. [Julia O’Toole](https://www.linkedin.com/in/juliaotoole/), CEO of [MyCena Security Solutions](https://mycena.co/). [Bleeping Computer has reached out](https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/) to the person allegedly responsible, and in the process found screenshots showing access to “critical Uber IT systems”, including Uber’s Slack channel, AWS console, and Google Workspace email admin dashboard.

One person, who claimed to be the hacker, said he sent a text message to one of its workers insisting he was a corporate IT employee before...

The Uber worker handed over a password that gave the hacker access to the systems, according to the NY Times. "Uber is a valued customer and we are here to help them if they need us," Slack said in a statement. Uber said it took Slack - which is owned by Salesforce Inc - offline for its employees, after the message reading “I announce I am a hacker and Uber has suffered a data breach," before adding internal databases that had apparently been breached.

The attacker reportedly posted, “Hi @here I announce I am a hacker and Uber has suffered a data breach,” in a channel on Uber's Slack on Thursday night. The ...

[claims](https://twitter.com/GossiTheDog/status/1570717994397073410/photo/1) that they first gained access to company systems by targeting an individual employee and repeatedly sending them multifactor authentication login notifications. [popular with attackers](https://twitter.com/SElovitz/status/1497598379622293504). With control of this account, the attacker claimed, they were able to gain access tokens for Uber's cloud infrastructure, including Amazon Web Services, Google's GSuite, VMware's vSphere dashboard, the authentication manager Duo, and the critical identity and access management service OneLogin. In a [midday update](https://www.uber.com/newsroom/security-update/) on Friday, the company said that “internal software tools that we took down as a precaution yesterday are coming back online.” Invoking time-honored breach-notification language, Uber also said on Friday that it has “no evidence that the incident involved access to sensitive user data (like trip history).” Screenshots leaked by the attacker, though, indicate that Uber's systems may have been deeply and thoroughly compromised and that anything the attacker didn't access may have been the result of limited time rather than limited opportunity. The attacker [reportedly](https://twitter.com/vxunderground/status/1570626503947485188/photo/1) posted, “Hi @here I announce I am a hacker and Uber has suffered a data breach,” in a channel on Uber's Slack on Thursday night. [confirmed](https://twitter.com/Uber_Comms/status/1570584747071639552?s=20&t=5CditVk__kozJuSLwSReiA) that it was responding to “a cybersecurity incident” and was contacting law enforcement about the breach.

Charlotte Bateman, who is blind, was travelling home from South London to Hertfordshire when she experienced the unfortunate incident with an angry Uber ...

Uber Technologies Inc. Chief Executive Officer Dara Khosrowshahi testified that he fired the company's chief security officer soon after taking the helm in ...

Security researchers spotted suspicious activity on Uber's HackerOne page when the alleged hacker posted messages claiming they had compromised the ride-share ...

Dara Khosrowshahi is a star witness at the trial of Joe Sullivan, who has been accused of obstructing justice for failing to disclose the 2016 breach.

Taking the stand Friday at the criminal trial of ex-security chief Joe Sullivan, Uber CEO Dara Khosrowshahi said Sullivan omitted critical information about ...