Uber probes computer system breach, takes Slack system offline

Uber Technologies, the American mobility service provider, has reportedly uncovered a breach in its computer network on Thursday, forcing the organization to shut down some of its internal communications and engineering networks while it investigated the scope of the breach.

Several of Uber's internal systems seemed to have been hacked, and a person who claims responsibility for the breach released photos of cloud storage, email, and code repositories to cybersecurity experts.

Slack, the firm's internal messaging platform, was restricted for Uber employees to use, and they found that some other internal systems were also inaccessible.

According to credible sources, Uber employees received a message from an anonymous hacker, using a hacked Slack account of an employee. The hacker also accessed additional internal networks and uploaded an explicit picture on an internal information page for the staff.

Furthermore, the hacker who bears the responsibility claimed that he used the method of social engineering to get the required password from an employee, using which he accessed Uber’s internal systems.

Rachel Tobac, CEO of SocialProof Security, stated that such instances of social engineering cyberattack are steadily increasing in tech organizations.  Tobac cited the Twitter hack of 2020, in which teens broke into the corporation through social engineering. Besides, the recent hacks at Microsoft and Okta both leveraged similar social engineering approaches.

This was not the first instance of a hacker obtaining Uber data. Back in 2016, hackers stole information from 57 million riders and driver accounts and demanded $100,000 to delete their copy. Uber handled the payment but had hidden the security breach for over a year.

Joe Sullivan, who served as Uber's head security officer back then, was let go for his involvement in the firm's response to the attack. Sullivan is currently facing trial for failing to report the breach to the regulators.

Attorneys representing Sullivan have claimed that other workers were accountable for the regulatory disclosures and Sullivan was being used as a scapegoat by Uber.

Source credit: https://indianexpress.com/article/technology/tech-news-technology/uber-investigating-breach-of-its-computer-systems-8154283/