Uber takes some internal systems offline to investigate a network breach; Yuga Labs' Sam Curry says it appears the hacker pretty much has “full access to Uber”
what you need to know
Msmash / Slashdot: Uber Investigating Breach of Its Computer Systems
Prajeet Nair / BankInfoSecurity.com: Uber Probes Breach After Hacker Boasts About Intrusion
Michael Hill / CSO: Uber responding to “cybersecurity incident” following reports of significant data breach
PYMNTS.com: 18-Year-Old Hacker Claims Responsibility for Uber Breach
Chloe Folmar / The Hill: Uber investigating possible network breach after hacker taunts
Alex Scroxton / ComputerWeekly.com: Uber suffers major cyber attack
Eduard Kovacs / SecurityWeek: Uber Investigating Data Breach After Hacker Claims Extensive Compromise
Ana Nicenko / Finbold: Alert: Uber's internal systems hacked giving bad actor ‘full access’
Hemant Saxena / Neowin: Uber faces major cybersecurity breach, investigation underway [Update]
Matthew Humphries / PCMag: Uber Suffers ‘Total Compromise’ System Hack
Phil Muncaster / Infosecurity: Uber Hacker May Have Compromised Secret Bug Reports
Leigh Mc Gowran / Silicon Republic: Uber staff told to stay off Slack after hack
Sofia Wyciślik-Wilson / BetaNews: Uber suffers ‘cybersecurity incident’ with hackers gaining access to internal systems and vulnerability reports
Nickie Louise / Tech News: Uber Hacked! Teenage hacker advocating driver's rights used social engineering to gain access to Uber's Slack & internal systems
Matthew Gooding / Tech Monitor: Uber cyberattack: ride-hailing giant's systems compromised in apparent social engineering breach
Shouvik Das / TechCircle: Hacker claims access to critical infra of Uber, company starts investigation
Priya Singh / BGR India: Uber acknowledges data breach, says it is probing the ‘cybersecurity incident’
Insider: An 18-year-old reportedly hacked Uber's computer systems and sent employees cryptic Slack messages
Bruce Schneier / Schneier on Security: Massive Data Breach at Uber
Ravie Lakshmanan / The Hacker News: Uber Says It's Investigating a Potential Breach of Its Computer Systems
Trevor Mogg / Digital Trends: Uber says it's investigating ‘cybersecurity incident’
Davey Winder / Forbes: Uber Hacked—18 Year Old Hacker Claims To Be Behind Extensive Breach
Dan Milmo / The Guardian: Uber responding to ‘cybersecurity incident’ after hack
Lawrence Abrams / BleepingComputer: Yuga Labs engineer: Uber's hacker accessed its HackerOne bug bounty program; source: the hacker downloaded all the vulnerability reports before losing access
Maria Dinzeo / Courthouse News Service: Fired Uber attorney testifies against ex-security chief in trial over 2016 data breach cover-up

Tweets:
@uber_comms: We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.
Sam Curry / @samwcyo: Someone hacked an Uber employee's HackerOne account and is commenting on all of the tickets. They likely have access to all of the Uber HackerOne reports. https://twitter.com/...
Sam Curry / @samwcyo: From another Uber employee: Instead of doing anything, a good portion of the staff was interacting and mocking the hacker thinking someone was playing a joke. After being told to stop going on Slack, people kept going on for the jokes. lmao
Kylie Robison / @kyliebytes: RIP to everyone's weekend at Uber. “Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read: ‘I announce I am a hacker and Uber has suffered a data breach.’” https://www.nytimes.com/...
Bill Demirkapi / @billdemirkapi: Some new information since last night. The attacker claims that they were able to gain persistent MFA access to their compromised accounts by social engineering the victims into accepting a prompt that allowed the attacker to register their own device for MFA. 15/N https://twitter.com/...
Tom Dotan / @cityofthetown: The uber hack seems nightmarishly bad. And pretty depressing that the way around MFA is just spamming the victim until they give up and just allow themselves to be hacked. https://twitter.com/...
Josh Constine / @joshconstine: This is so savage. A hacker broke into Uber's Bug Bounty program and stole all the vulnerability reports ...so they can hack it over and over until everything is fixed. Galaxy brain attack. https://www.bleepingcomputer.com/... https://twitter.com/...
Lorenzo Franceschi-Bicchierai / @lorenzofb: NEW: One of the biggest takeaways of the Uber hack is that 2FA via push notifications is flawed and relatively easy to circumvent. “They can become so annoying that the target eventually accepts,” @RachelTobac told us. https://www.vice.com/...
Kylie Robison / @kyliebytes: Just dropping this here.... employees seemingly still don't have access. Yay for long weekends? https://twitter.com/...
Spencer Dailey / @spencerdailey: @Techmeme @LawrenceAbrams This is a major deal if true —> not only have Uber's systems been compromised, but the company will remain compromised until it fixes all of their known vulnerabilities. In other words, the odds of hacker reentry are extremely high and will remain so for the foreseeable future
Kate Conger / @kateconger: Update: We spoke to the person who claimed responsibility for the hack. He says he is 18. https://twitter.com/...
Tiffany C. Li / @tiffanycli: Cybersecurity truths: 1. No system is perfectly secure. 2. The more data you store, the more data you risk. Good thing the only sensitive personal data Uber has are financial info, contact info, and also the records of everywhere every user has ever traveled at any time. https://twitter.com/...
Carl Quintanilla / @carlquintanilla: “.. The hacker provided .. screenshots that appeared to show widespread access to a range of administrative accounts that manage Uber's technology systems, including the company's Amazon Web Services and Google clouds ..” @WSJ $UBER https://www.wsj.com/...
Kevin Roose / @kevinroose: Update: a person claiming responsibility for the Uber hack tells the NYT that he is 18, got in through social engineering an employee's password, and hacked the company because it had weak security. https://www.nytimes.com/... https://twitter.com/...
Tom Warren / @tomwarren: Uber has been hacked, and it looks bad. The hacker got in through social engineering and allegedly found a network share full of Microsoft PowerShell scripts that included Uber admin usernames and passwords to let them breach AWS, G Suite, and more 🥲 https://www.theverge.com/...
Daniel Cuthbert / @dcuthbert: “Doesn't know what to do with it and is having the time of his life” Aaaaand there's my teenage years eloquently portrayed. https://twitter.com/...
Mike Masnick / @mmasnick: The kids these days... https://twitter.com/...
Whitney Merrill / @wbm312: And on the 27th anniversary of the movie Hackers too. https://twitter.com/... https://twitter.com/...
@williamlegate: Uber has had their entire infrastructure (cloud, financial, comms, dev, etc) hacked by a kid purporting to be a teenager - breach appears to be very severe. https://twitter.com/...
Roy E. Bahat / @roybahat: “In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay.” Curious what motivated the hacker to choose to crusade for that... https://twitter.com/...
Dan Goodin / @dangoodin001: “'They pretty much have full access to Uber,' said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. ‘This is a total compromise, from what it looks like.’” https://twitter.com/...
Whitney Merrill / @wbm312: Fido 2FA for all pls. https://twitter.com/...
Whitney Merrill / @wbm312: Guess they can't hide this one from the FTC 😬 https://twitter.com/...
Whitney Merrill / @wbm312: This is the worst case scenario we all try to prepare for, but no one believes will happen or is possible... https://twitter.com/...
Evan Sutton / @3vansutton: I can't wait for them to have a fleet of driverless cars because clearly there's no large scale risk of that ending badly https://twitter.com/...
Kellen Browning / @kellen_browning: Big scoop from @kateconger and @kevinroose — Uber's internal network was breached Thursday and employees have been told to stay off Slack. Developing situation: https://www.nytimes.com/...