A hacker posted screenshots and commented on their exploits in interactions with the media and security experts, showing that they had successfully breached the ride-sharing app’s internal networks.
The miscreant obtained an employee’s VPN username and password using social engineering tactics. With that compromised access, the hacker could scan Uber’s intranet and hack into its network.
According to reports, Uber relies on multi-factor authentication (MFA). The experts commented that an attacker could have used a manipulator-in-the-middle (MitM) attack to bypass these controls by creating a fake domain and relaying authentication codes.
According to the attacker, an Uber employee was spammed with push authentication requests for more than an hour before another channel was used to trick them into authorizing the request.
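The pattern described above, a long run of push prompts followed by a single approval, can be detected in MFA logs. The following is an added example, not from the original article or from Uber's tooling; the log format, event names, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=90)  # assumption: look-back period per user
THRESHOLD = 5                   # assumption: denied/ignored prompts before alerting
FAILED = {"push_denied", "push_timeout"}

# Constructed sample log; the "timestamp user result" format is hypothetical.
SAMPLE_LOG = """\
2024-01-10T09:00:00 bob push_timeout
2024-01-10T09:01:00 bob push_approved
2024-01-10T21:00:00 alice push_timeout
2024-01-10T21:12:00 alice push_denied
2024-01-10T21:25:00 alice push_timeout
2024-01-10T21:40:00 alice push_denied
2024-01-10T21:55:00 alice push_timeout
2024-01-10T22:05:00 alice push_approved
"""

def parse(log):
    """Return (time, user, result) tuples in time order, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
    return sorted(events)

def detect_push_fatigue(log, window=WINDOW, threshold=THRESHOLD):
    """Flag bursts of unanswered prompts and any approval that follows one."""
    failures = defaultdict(deque)  # user -> times of recent denied/ignored prompts
    alerts = []
    for ts, user, result in parse(log):
        recent = failures[user]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop prompts that fell out of the window
        if result in FAILED:
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append((user, "push_burst", ts))
        elif result == "push_approved":
            if len(recent) >= threshold:
                alerts.append((user, "approved_after_burst", ts))
            recent.clear()  # a login succeeded; start counting afresh
    return alerts

if __name__ == "__main__":
    for user, kind, ts in detect_push_fatigue(SAMPLE_LOG):
        print(ts.isoformat(), user, kind)
```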
The attacker claims to have located a network share containing PowerShell scripts that included a system administrator’s username and password.
The cybercrook used this information to extract passwords and gain access to Uber’s AWS (Amazon Web Services), Onelogin, and GSuite environments, among others.
Moreover, they hacked into an Uber employee’s HackerOne account and commented on multiple tickets, indicating that they likely compromised susceptible bug bounty reports related to Uber’s products and infrastructure.
Slack and some other tools have been unavailable to Uber workers due to the hack. In addition, the hacker posted NSFW (Not Safe For Work) images on internal employee resource pages.
A message on Uber’s official Twitter account said: “We are currently investigating a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”
We requested early access to comment on the results of this ongoing data breach investigation. So far, we haven’t heard back, but we will update this story as we receive more information.