Current:Home > NewsAfter a serious breach, Uber says its services are operational again-Angel Dreamer Wealth Society D1 Reviews & Insights
After a serious breach, Uber says its services are operational again
View Date:2024-12-23 14:38:55
The ride-hailing service Uber said Friday that all its services are operational following what security professionals were calling a major data breach. It said there was no evidence the hacker got access to sensitive user data.
What appeared to be a lone hacker announced the breach on Thursday after apparently tricking an Uber employee into providing credentials.
Screenshots the hacker shared with security researchers indicate this person obtained full access to the cloud-based systems where Uber stores sensitive customer and financial data.
It is not known how much data the hacker stole or how long they were inside Uber's network. Two researchers who communicated directly with the person — who self-identified as an 18-year-old to one of them— said they appeared interested in publicity. There was no indication they destroyed data.
But files shared with the researchers and posted widely on Twitter and other social media indicated the hacker was able to access Uber's most crucial internal systems.
"It was really bad the access he had. It's awful," said Corbin Leo, one of the researchers who chatted with the hacker online.
He said screenshots the person shared showed the intruder got access to systems stored on Amazon and Google cloud-based servers where Uber keeps source code, financial data and customer data such as driver's licenses.
"If he had keys to the kingdom he could start stopping services. He could delete stuff. He could download customer data, change people's passwords," said Leo, a researcher and head of business development at the security company Zellic.
Screenshots the hacker shared — many of which found their way online — showed they had accessed sensitive financial data and internal databases. Among them was one in which the hacker announced the breach on Uber's internal Slack collaboration ssytem.
Sam Curry, an engineer with Yuga Labs who also communicated with the hacker, said there was no indication that the hacker had done any damage or was interested in anything more than publicity. "My gut feeling is that it seems like they are out to get as much attention as possible."
Curry said he spoke to several Uber employees Thursday who said they were "working to lock down everything internally" to restrict the hacker's access. That included the San Francisco company's Slack network, he said.
In a statement posted online Friday, Uber said "internal software tools that we took down as a precaution yesterday are coming back online."
It said all its services — including Uber Eats and Uber Freight — were operational.
The company did not respond to questions from The Associated Press including about whether the hacker gained access to customer data and if that data was stored encrypted. The company said there was no evidence that the intruder accessed "sensitive user data" such as trip history.
Curry and Leo said the hacker did not indicate how much data was copied. Uber did not recommend any specific actions for its users, such as changing passwords.
The hacker alerted the researchers to the intrusion Thursday by using an internal Uber account on the company's network used to post vulnerabilities identified through its bug-bounty program, which pays ethical hackers to ferret out network weaknesses.
After commenting on those posts, the hacker provided a Telegram account address. Curry and other researchers then engaged them in a separate conversation, where the intruder provided screenshots of various pages from Uber's cloud providers to prove they broke in.
The AP attempted to contact the hacker at the Telegram account, but received no response.
Screenshots posted on Twitter appeared to confirm what the researchers said the hacker claimed: That they obtained privileged access to Uber's most critical systems through social engineering. Effectively, the hacker discovered the password of an Uber employee. Then, posing as a fellow worker, the hacker bombarded the employee with text messages asking them to confirm that they had logged into their account. Ultimately, the employee caved and provided a two-factor authentication code the hacker used to log in.
Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Teenagers used it in 2020 to hack Twitter and it has more recently been used in hacks of the tech companies Twilio and Cloudflare.
Uber has been hacked before.
Its former chief security officer, Joseph Sullivan, is currently on trial for allegedly arranging to pay hackers $100,000 to cover up a 2016 high-tech heist in which the personal information of about 57 million customers and drivers was stolen.
veryGood! (7)
Related
- Father sought in Amber Alert killed by officer, daughter unharmed after police chase in Ohio
- In first Olympics since Russian imprisonment, Brittney Griner more grateful than ever
- Mega Millions winning numbers for July 26 drawing: Jackpot rises to $331 million
- 'Dexter' miracle! Michael C. Hall returns from TV dead in 'Resurrection' series
- Jason Statham Shares Rare Family Photos of Rosie Huntington-Whiteley and Their Kids on Vacation
- Piece of Eiffel Tower in medals? Gold medals not solid gold? Olympic medals deep dive
- Three members of Gospel Music Hall of Fame quartet The Nelons among 7 killed in Wyoming plane crash
- Boar's Head issues recall for more than 200,000 pounds of liverwurst, other sliced meats
- NFL coaches diversity report 2024: Gains at head coach, setbacks at offensive coordinator
- Paris Olympics in primetime: Highlights, live updates, how to watch NBC replay tonight
Ranking
- San Antonio Spurs coach Gregg Popovich had mild stroke this month, team says
- Who plays Deadpool, Wolverine and Ladypool in 'Deadpool and Wolverine'? See full cast
- Olympian Gianmarco Tamberi Apologizes to Wife After Losing Wedding Ring During Opening Ceremony
- Katie Ledecky wins 400 free bronze in her first Olympic final in Paris
- Duke basketball vs Kentucky live updates: Highlights, scores, updates from Champions Classic
- Don’t Miss Old Navy’s 50% off Sale: Shop Denim Staples, Cozy Cardigans & More Great Finds Starting at $7
- How 2024 Olympics Heptathlete Chari Hawkins Turned “Green Goblin” of Anxiety Into a Superpower
- Chiefs' Travis Kelce in his 'sanctuary' preparing for Super Bowl three-peat quest
Recommendation
-
John Krasinski named People magazine’s 2024 Sexiest Man Alive
-
Céline Dion's dazzling Olympics performance renders Kelly Clarkson speechless
-
Watching the Eras Tour for free, thousands of Swifties 'Taylor-gate' in Munich, Germany
-
Eiffel Tower glows on rainy night, but many fans can't see opening ceremony
-
Why the US celebrates Veterans Day and how the holiday has changed over time
-
Piece of Eiffel Tower in medals? Gold medals not solid gold? Olympic medals deep dive
-
Rafael Nadal beats Márton Fucsovics, to face Novak Djokovic next at Olympics
-
3 men sentenced for racist conspiracy plot to destroy Northwest power grid