Uber is investigating a security breach affecting all its servers and internal systems. Today we woke up to the news that a hacker has managed to access all Uber servers in the cloud; that is, Uber has been completely hacked. Access appears to have been gained through social engineering: the attacker managed to deceive an Uber worker into handing over VPN credentials and then scanned the company's entire internal network (intranet). All your Uber data may now be in their hands.
How Uber got hacked
Initial reports indicate that the attacker carried out a social engineering attack against an employee. Once the cybercriminal had obtained the VPN credentials, he scanned the entire internal network, where there were PowerShell scripts containing various administrator passwords. Using these PowerShell scripts, he was able to access all the data from Windows Active Directory services, Onelogin, Amazon Web Services and also everything the company has in GSuite.
In other words, it seems that access was gained through the VPN service, after which the attacker scanned all the equipment and services to try to obtain more information. Uber's HackerOne account has also been affected by this hack: the attacker has obtained its credentials and is replying to all tickets stating that Uber has been completely hacked, and that, logically, the HackerOne account has been hacked as well.
On its official Twitter account, Uber says that it is currently responding to this security incident and that it is in contact with the police.
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.
September 16, 2022 • 09:24
As you can see, Uber is working on this security incident right now, but the cybercriminal has already obtained a large amount of information.
What data have they had access to?
The cybercriminal has also posted screenshots of the Uber instance on AWS (Amazon Web Services), the HackerOne admin panel, and much more, as you can see here:
vx-underground
@vxunderground
Update: A Threat Actor claims to have completely compromised Uber – they have posted screenshots of their AWS instance, HackerOne administration panel, and more. They are openly taunting and mocking @Uber. https://t.co/Q3PzzBLsQY
September 16, 2022 • 09:24
Other information that has come to light includes financial data, the information held in vSphere, Google Workplace data and much more. It is incredible that all Uber systems have been completely hacked. Once again it is shown that an employee is the weakest link in the entire chain, since the attacker used a social engineering attack to access the company's VPN.
It is quite possible that all the user databases with your personal information (name, surnames, email, contact information and much more) are now in the hands of the hacker. Our recommendation is always to change your passwords when a service has been hacked, but right now it is possible that the hacker is still inside Uber's internal network, so it wouldn't help at all.
On Twitter we are seeing some internal, anonymous comments from Uber workers, who say they have received an email from the IT department telling them to stop using Slack, because this corporate messaging platform may also have been compromised. It seems that many internal management websites have disappeared and simply lead to a deleted page with a porn image as a mockery. At first, Uber workers thought it was a joke, but it turned out to be all too real.