Uber hacked by a teenager using ‘social engineering’ to steal credentials from employee

According to reports, employees thought that messages left by the hacker on Slack were part of a joke.

FPJ Web Desk | Updated: Friday, September 16, 2022, 06:03 PM IST

On average, a single data breach can cost as much as $4.35 million, and cybercrime is expected to cause damages worth more than $10 trillion globally by 2025. Almost all major platforms, including Facebook, LinkedIn and Yahoo, have been hit by data breaches, with the largest cyberattack hitting Yahoo in 2013, when it lost info on three billion users. The latest to suffer a data breach is ride-hailing giant Uber, which was attacked on Thursday afternoon.

The hacker gained access to the company’s vulnerability reports, internal systems, Slack server and emails, before sharing screenshots. The leaked data includes credentials of drivers and sensitive information about customers as well. Uber’s Google Workspace email dashboard was also hacked, and the cybercriminal posted messages on its Slack server. Uber acknowledged the attack in a tweet and is investigating the breach in coordination with law enforcement.

Teenage troublemaker

According to a New York Times report, the attacker used social engineering to steal an Uber employee’s password to gain access to critical IT systems. He claims to be 18 years old and to have hacked the company’s servers because of its weak security systems. The Washington Post also reported that employees thought that the messages by the hacker on Slack were part of a prank.

What’s social engineering?

Social engineering is a strategy of interacting with users after studying their background and identifying weak security protocols. Manipulation is used to trick the individual into breaking security practices or revealing information that can help decode their credentials. This approach exploits human error rather than looking for vulnerabilities in software, and has been used against Twitter, Robinhood and MailChimp in the past.

The attacker also accessed Uber’s bug bounty account on HackerOne, and commented on vulnerability reports which are meant to be confidential. HackerOne’s CEO has said that Uber’s account has been locked, and the company is now assisting with the investigation.
