Uber confirms a significant cyberattack in which the hackers retrieved the company’s applications, sensitive data, IT system, etc., by stealing the employee’s login credentials.
The New York Times reported that they spoke to the hacker who acknowledged having hacked the Uber system, attacked the employee with social engineering, and stole the passwords.
Uber confirmed the attack by tweeting on its Twitter account, “We are currently responding to a cybersecurity incident.” We are in touch with law enforcement and will post additional updates here as they become available. “
The hackers could access internal systems, consoles of Amazon web services, security software, Windows, VMware ESXi virtual machines, Google workspace email admin dashboard, etc. Though this data is worthy, there is a possibility that the hackers would have downloaded all the vulnerability reports. The flaws that the company was trying to fix are now open.
HackerOne, a program run by Uber, permits researchers to share the bugs and vulnerabilities in the software in secrecy and are paid for this. Though the program is discontinued, it may be late. However, this is not the first time that the cab giant has been under threat.
At the beginning of 2022, Uber stated that it covered a data breach in 2016. This hack resulted in users’ data going online in public, which the company tried to cover up. However, the company’s confession came up in the settlement to avoid the US Department of Justice’s criminal prosecution.