After a serious “hack,” the Uber service continued to work

Last Thursday, a lone hacker was said to have announced that he had hacked into Uber’s service system after apparently tricking a company employee into providing his credentials.

Screenshots shared by the hacker with the company’s security researchers show that the man gained full access to the cloud services where Uber stores customers’ sensitive and financial data.

It is unknown how much sensitive information the hacker stole and how long he was on Uber’s computer network. Two cybersecurity specialists communicated directly with the hacker, who said he was about 18 years old.

But the files he gave them, which were then publicly posted on Twitter and other social media sites, showed that the hacker was able to access Uber’s most important internal systems.

“He did have high-level access. That’s terrible,” said Corbin Leo, a cybersecurity researcher and head of business development at Zellic.

Corbin communicated with the hacker online.

He said screenshots shared by the man showed that the attacker had accessed data stored on Amazon and Google cloud servers, where Uber stores source code as well as financial and personal customer data, such as driver’s licenses.

In one screenshot, the hacker showed that he had broken into Uber’s internal Slack collaboration system.

All recovered

Sam Curry, a Yuga Labs engineer who also communicated with the hacker, said there was no indication that the hacker did any damage or was interested in anything more than self-promotion. “It seems to me that the hackers want to get as much attention as possible,” Curry explained.

Curry said that on Thursday he spoke with several Uber employees who said they were “working on locking everything down inside” in order to limit this hacker’s access. That included the San Francisco-based company’s Slack network, he said.

In a statement posted online as early as Friday, Uber said that “internal software tools that shut down yesterday as a precautionary measure, have been restored.”

The company said that all of its services, including Uber Eats and Uber Freight, were working and that there was no evidence that an attacker had accessed “sensitive user data,” such as trip history.

Curry and Leo noted that the hacker did not specify how much data he copied. At the same time, Uber did not advise its users to take any specific actions, such as changing passwords.

How did the hacker get his way?

Essentially, the hacker found out the password of an Uber employee. Then, posing as a work colleague, the hacker flooded the employee with text messages asking him to confirm that he was logged into his account. Eventually, the employee relented and provided a two-factor authentication code, which the hacker used to log in.

“Social engineering” is a popular hacking strategy because people tend to be the weakest link in any network. Teens used it in 2020 to hack Twitter, and more recently it was used to hack tech companies Twilio and Cloudflare.

Uber has previously been “hacked.”

Former Uber security chief Joseph Sullivan is currently on trial for allegedly arranging to pay hackers $100,000 to cover up a high-tech heist in 2016 in which the personal information of some 57 million customers and drivers was stolen.