Uber Responds to Breach After Hacker Claims Widespread Access
Uber Technologies Inc.
UBER 0.24%
is responding to a cybersecurity breach after a hacker claimed to have gained widespread access to the company’s computer systems.
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post any additional updates here as they become available,” a Twitter account for the ride-hailing company tweeted Thursday night.
On Thursday a hacker, identified only by the Telegram handle Tea Pot, gained control of Uber’s account with HackerOne, a firm that helps companies work with security researchers, according to the company and researchers on the platform. The hacker provided security researchers with screenshots that appeared to show widespread access to a range of administrative accounts that manage Uber’s technology systems, including the company’s Amazon Web Services and Google clouds, as well as
VMware
systems, the researchers said.
If the hacker’s claims are true, the incident would represent a broad compromise for the company, said Robert Graham, a cybersecurity consultant.
“It’s all of their IT information. And because they’re an IT company, it’s everything,” he said.
Other than the HackerOne account compromise, The Wall Street Journal couldn’t verify Tea Pot’s other claims.
“We got alerted to this promptly by our customer Uber,” said
Marten Mickos,
HackerOne’s chief executive, in a text message. “We locked access to their data in order to protect it. We have a team assisting them in their investigation.”
Tea Pot told
Sam Curry,
a security engineer who works for Yuga Labs, that they had tricked an Uber employee into granting them access to Uber’s virtual private network. Once on the network, the hacker was able to gain access to other credentials that provided more widespread access.
Reached via Telegram late Thursday, Tea Pot claimed to be the hacker but didn’t respond to questions about the hack.
Uber’s latest cybersecurity problem comes a little over a week after a trial started over its former security chief’s role in responding to an earlier hack.
In 2016, Uber had a data breach that affected about 57 million records. Millions of riders’ names, emails and phone numbers were accessed, as were about 600,000 driver’s license numbers. A year later, Uber disclosed the breach and said it paid the hackers $100,000.
The company said at the time that it had fired its chief security officer and deputy for their roles in the company’s response to the breach. The security chief, Joe Sullivan, is now on trial, facing criminal obstruction charges for his role in paying the hackers. The trial started last week in U.S. District Court in San Francisco.
Write to Robert McMillan at [email protected] and Meghan Bobrowsky at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Appeared in the September 16, 2022, print edition as ‘Uber Says It Was Hit By Cyber Incident.’
Uber Technologies Inc.
UBER 0.24%
is responding to a cybersecurity breach after a hacker claimed to have gained widespread access to the company’s computer systems.
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post any additional updates here as they become available,” a Twitter account for the ride-hailing company tweeted Thursday night.
On Thursday a hacker, identified only by the Telegram handle Tea Pot, gained control of Uber’s account with HackerOne, a firm that helps companies work with security researchers, according to the company and researchers on the platform. The hacker provided security researchers with screenshots that appeared to show widespread access to a range of administrative accounts that manage Uber’s technology systems, including the company’s Amazon Web Services and Google clouds, as well as
VMware
systems, the researchers said.
If the hacker’s claims are true, the incident would represent a broad compromise for the company, said Robert Graham, a cybersecurity consultant.
“It’s all of their IT information. And because they’re an IT company, it’s everything,” he said.
Other than the HackerOne account compromise, The Wall Street Journal couldn’t verify Tea Pot’s other claims.
“We got alerted to this promptly by our customer Uber,” said
Marten Mickos,
HackerOne’s chief executive, in a text message. “We locked access to their data in order to protect it. We have a team assisting them in their investigation.”
Tea Pot told
Sam Curry,
a security engineer who works for Yuga Labs, that they had tricked an Uber employee into granting them access to Uber’s virtual private network. Once on the network, the hacker was able to gain access to other credentials that provided more widespread access.
Reached via Telegram late Thursday, Tea Pot claimed to be the hacker but didn’t respond to questions about the hack.
Uber’s latest cybersecurity problem comes a little over a week after a trial started over its former security chief’s role in responding to an earlier hack.
In 2016, Uber had a data breach that affected about 57 million records. Millions of riders’ names, emails and phone numbers were accessed, as were about 600,000 driver’s license numbers. A year later, Uber disclosed the breach and said it paid the hackers $100,000.
The company said at the time that it had fired its chief security officer and deputy for their roles in the company’s response to the breach. The security chief, Joe Sullivan, is now on trial, facing criminal obstruction charges for his role in paying the hackers. The trial started last week in U.S. District Court in San Francisco.
Write to Robert McMillan at [email protected] and Meghan Bobrowsky at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Appeared in the September 16, 2022, print edition as ‘Uber Says It Was Hit By Cyber Incident.’
Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.