Uber takes some internal systems offline to investigate a network breach; Yuga Labs' Sam Curry says it appears the hacker pretty much has “full access to Uber”
The company said on Thursday that it was looking into the scope of the apparent hack.
New York Times
Related Coverage
- A Hacker Breached Uber's Internal Systems Forcing Company to Take Some Systems Offline Metacurity · Cynthia Brumfield
- Uber Responds to Breach After Hacker Claims Widespread Access Wall Street Journal
- Uber investigating ‘cybersecurity incident’ after hacker claims to access internal systems CNN · Sean Lyngaas
- Uber investigating computer network breach- NYT Reuters · Shubham Kalia
- Uber confirms it is investigating cybersecurity incident The Record · Alexander Martin
- Uber hacker claims to have full control of company's cloud-based servers 9to5Mac · Ben Lovejoy
- Uber hacked, company assessing severity of losses AppleInsider · William Gallagher
- Uber investigating possible network breach after hacker taunts The Hill · Chloe Folmar
- Uber responding to “cybersecurity incident” following reports of significant data breach CSO · Michael Hill
- 18-Year-Old Hacker Claims Responsibility for Uber Breach PYMNTS.com
- Uber investigating hack on its computer systems BBC · Shiona McCallum
- Uber hacked, internal systems and confidential documents were allegedly compromised Security Affairs · Pierluigi Paganini
- Fired Uber attorney testifies against ex-security chief in trial over 2016 data breach cover-up Courthouse News Service · Maria Dinzeo
- Uber Investigating Massive Security Breach by Alleged Teen Hacker Gizmodo · Matt Novak
- Alert: Uber's internal systems hacked giving bad actor ‘full access’ Finbold · Ana Nicenko
- Uber Suffers ‘Total Compromise’ System Hack PCMag · Matthew Humphries
- Kevin Reed's Post LinkedIn · Kevin Reed
- Uber was hacked by a teenager - here's what we know so far KnowTechie · Matthew Hughes
- Uber investigates ‘cybersecurity incident’ after reports of a hack on the company CNBC · Ryan Browne
- Uber investigating cybersecurity incident after hacker breaches its internal network TechCrunch · Carly Page
- Uber Hack - Ride-hailing Giant Investigating Large-Scale Data Breach HackRead · Waqas
- Uber reportedly suffers major data breach — what you need to know Tom's Guide · Tom Pritchard
- Uber confirms “cybersecurity incident” after 18-year-old claimed to be behind massive breach TechSpot · Rob Thubron
- Uber's hacker *irritated* his way into its network, stole internal documents Graham Cluley
- Uber Probes Breach After Hacker Boasts About Intrusion BankInfoSecurity.com · Prajeet Nair
- Uber staff told to stay off Slack after hack Silicon Republic · Leigh Mc Gowran
- Uber suffers major cyber attack ComputerWeekly.com · Alex Scroxton
- Uber cyberattack: ride-hailing giant's systems compromised in apparent social engineering breach Tech Monitor · Matthew Gooding
- Uber faces major cybersecurity breach, investigation underway Neowin · Hemant Saxena
- Uber Hacker May Have Compromised Secret Bug Reports Infosecurity · Phil Muncaster
- Uber Investigating Data Breach After Hacker Claims Extensive Compromise SecurityWeek · Eduard Kovacs
- Uber security breach ‘looks bad’, potentially compromising all systems ZDNet · Eileen Yu
- Uber says it's investigating ‘cybersecurity incident’ Digital Trends · Trevor Mogg
- Uber says responding to ‘cybersecurity incident’ after report of network breach The Economic Times
- Uber Hacked—18 Year Old Hacker Claims To Be Behind Extensive Breach Forbes · Davey Winder
- Uber's had a data breach, and we don't know how bad it is yet Mashable
- Uber responding to ‘cybersecurity incident’ after hack The Guardian · Dan Milmo
- Hacker claims access to critical infra of Uber, company starts investigation TechCircle · Shouvik Das
- Uber says it's investigating a ‘cybersecurity incident’ Engadget · Mariella Moon
- Uber employees are being barraged with obscene images in a major hack, and they're worried their financial data may have been compromised Fortune · Kylie Robison
- Uber Says It's Investigating a Potential Breach of Its Computer Systems The Hacker News · Ravie Lakshmanan
- Uber is investigating a cybersecurity incident after employees got a Slack message that read, ‘I am a hacker’ Insider
- Uber apparently hacked by teen, employees thought it was a joke / ‘I think IT would appreciate less memes while they handle the breach’ The Verge · Jon Porter
- Uber Hacked! What Can You Do In This Case? Fossbytes · Aman Anand
- Uber Investigating Breach of Its Computer Systems Slashdot · Msmash
- Uber confirms it was hit by major cyberattack TechRadar
- Uber suffers ‘cybersecurity incident’ with hackers gaining access to internal systems and vulnerability reports BetaNews · Sofia Wyciślik-Wilson
Discussion
-
@uber_comms
@uber_comms
on x
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.
-
@samwcyo
Sam Curry
on x
Someone hacked an Uber employees HackerOne account and is commenting on all of the tickets. They likely have access to all of the Uber HackerOne reports. https://twitter.com/...
-
@kyliebytes
Kylie Robison
on x
RIP to everyone's weekend at Uber. “Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read: ‘I announce I am a hacker and Uber has suffered a data breach.’” https://www.nytimes.com/...
-
@kateconger
Kate Conger
on x
Update: We spoke to the person who claimed responsibility for the hack. He says he is 18. https://twitter.com/...
-
@tiffanycli
Tiffany C. Li
on x
Cybersecurity truths: 1. No system is perfectly secure. 2. The more data you store, the more data you risk. Good thing the only sensitive personal data Uber has are financial info, contact info, and also the records of everywhere every user has ever traveled at any time. https://…
-
@kevinroose
Kevin Roose
on x
Update: a person claiming responsibility for the Uber hack tells the NYT that he is 18, got in through social engineering an employee's password, and hacked the company because it had weak security. https://www.nytimes.com/... https://twitter.com/...
-
@carlquintanilla
Carl Quintanilla
on x
“.. The hacker provided .. screenshots that appeared to show widespread access to a range of administrative accounts that manage Uber's technology systems, including the company's Amazon Web Services and Google clouds ..” @WSJ $UBER https://www.wsj.com/...
-
@dcuthbert
Daniel Cuthbert
on x
“Doesn't know what to do with it and is having the time of his life” Aaaaand there's my teenage years eloquently portrayed. https://twitter.com/...
-
@wbm312
Whitney Merrill
on x
This is the worst case scenario we all try to prepare for, but no one believes will happen or is possible... https://twitter.com/...
-
@williamlegate
@williamlegate
on x
Uber has had their entire infrastructure (cloud, financial, comms, dev, etc) hacked by a kid purporting to be a teenager - breach appears to be very severe. https://twitter.com/...
-
@roybahat
Roy E. Bahat
on x
“In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay.” Curious what motivated the hacker to choose to crusade for that... https://twitter.com/...
-
@kellen_browning
Kellen Browning
on x
Big scoop from @kateconger and @kevinroose — Uber's internal network was breached Thursday and employees have been told to stay off Slack. Developing situation: https://www.nytimes.com/...
-
@tomwarren
Tom Warren
on x
Uber has been hacked, and it looks bad. The hacker got in through social engineering and allegedly found a network share full of Microsoft PowerShell scripts that included Uber admin usernames and passwords to let them breach AWS, G Suite, and more 🥲 https://www.theverge.com/...
-
@wbm312
Whitney Merrill
on x
Guess they can't hide this one from the FTC 😬 https://twitter.com/...
-
@dangoodin001
Dan Goodin
on x
“'They pretty much have full access to Uber,' said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. ‘This is a total compromise, from what it looks like.’” https://twitter.com/...
-
@wbm312
Whitney Merrill
on x
Fido 2FA for all pls. https://twitter.com/...
-
@3vansutton
Evan Sutton
on x
I can't wait for them to have a fleet of driverless cars because clearly there's no large scale risk of that ending badly https://twitter.com/...
-
@hacker_
Corben Leo
on x
Apparently there was an internal network share that contained powershell scripts... “One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite” htt…
-
@coltonseal
Colton
on x
Honestly kind of a classy way to hack someone 😂😂😂 @Uber https://twitter.com/...
-
@samwcyo
Sam Curry
on x
From another Uber employee: Instead of doing anything, a good portion of the staff was interacting and mocking the hacker thinking someone was playing a joke. After being told to stop going on slack, people kept going on for the jokes. lmao
-
@da_667
@da_667
on x
The amount of shitposting and emojis is pretty hilarious. https://twitter.com/...
-
@faizsays
Faiz Siddiqui
on x
As employee reactions poured in, including a Mr. Krabs meme, the “It's Happening” GIF and questions about whether it was a prank, someone wrote. “Sorry to be a stick in the mud, but I think IT would appreciate less memes while they handle the breach” https://www.washingtonpost.co…
-
@laurentbercot
Laurent Bercot
on x
I'll just use my username and password in this script that needs admin rights, what could possibly go wrong https://twitter.com/...
-
@k8em0
@k8em0
on x
Pour one out for the security response team at Uber. Hardcoded secrets in a powershell script got them powershellacked. Good practice is to assume intruders will seek out your internal scripts & do not leave secrets hard coded to help them elevate privilege & pivot like this. htt…
-
@kantrowitz
Alex Kantrowitz
on x
Props for going @ here vs. @ channel. That counts for something. https://twitter.com/...
-
@rik_ferguson
Rik Ferguson
on x
Second time in a week that I have heard of hardcoded PAM secrets giving an opportunistic attacker *all the access* to a global corp. Technology is wholly dependent upon proper implementation and process. It's easy to point fingers at a product, but often wrong. https://twitter.co…
-
@aaschapiro
Avi Asher-Schapiro
on x
If this screen shot is to be believed, the hacker who broke into Uber spammed the company's slack with a message about underpaid drivers.... https://twitter.com/...
-
@tomwarren
Tom Warren
on x
The Uber hacker reportedly posted a message in the company's internal Slack, and employees thought it was joke and reacted with 🍿 and 🚨 emoji and GIFs on the post https://twitter.com/...