On Thursday, 15 September 2022, Uber faced a cyberattack. The attacker compromising its internal systems, email dashboard, and Slack server, Bleeping Computer reports. The attacker had full access to various critical Uber IT systems. He accessed Uber vulnerability reports and shared screenshots
The compromised critical systems include Uber’s security software, Windows domain, Amazon Web Services console, email admin dashboard, and Slack server — to which the hacker posted messages.
On its Communications Twitter account Uber confirmed the news of attack.
They said that they are currently responding to a cybersecurity incident. Uber is also in touch with law enforcement and will post additional updates here as they become available,”
When the New York Times spoke to the malicious actor, attacker admitted performing a social engineering attack on an employee. This attack compromised the employee’s password which they usd further to get access of IT system.
Yuga Labs security engineer Sam Curry said the culprits further hacked the company’s HackerOne bug bounty programme and commented on all of Uber’s bug bounty tickets.
“UBER HAS BEEN HACKED (domain admin, aws admin, vsphere admin, gsuite SA) AND THIS HACKERONE ACCOUNT HAS BEEN ALSO,” one of the comments reads.
This incident underlined need of strong security layers and secure servers. Companies and individuals must purchase and adopt secure servers with strongest security layers.