Uber Breach Looks Like It Compromised All Systems
Uber reportedly has suffered another massive security incident, which is likely more extensive than its 2016 data breach and potentially may have compromised its entire network. It also can result in access logs being deleted or altered.
A hacker on Thursday was believed to have breached multiple internal systems, with administrative access to Uber’s cloud services including on Amazon Web Services (AWS) and Google Cloud (GCP).
“The attacker is claiming to have completely compromised Uber, showing screenshots where they’re full admin on AWS and GCP,” Sam Curry wrote in a tweet. The security engineer at Yuga Labs, who corresponded with the hacker, added: “This is a total compromise from what it looks like.”
Uber since had shut down online access to its internal communications and engineering systems, while it investigated the breach, according a report by The New York Times (NYT), which broke the news. The company’s internal messaging platform, Slack, also was taken offline.
","tags":[],"size":452651,"width":1365,"height":768,"author":{"id":"781a4b26-f4ec-4df5-84ed-c2775cdfd86f","username":"ebetters","email":"epicaro@redventures.com","firstName":"Elyse","middleName":null,"lastName":"Betters Picaro","dateCreated":{"date":"2016-06-21 00:00:00","timezone":"UTC"},"dateUpdated":{"date":"2020-12-07 15:47:59","timezone":"UTC"},"ursId":"27051783234840286590268119258902","roles":{"data":[{"id":"61591c5b-7555-45d4-af72-0fb74bc50390","name":"Contributor","role":"ROLE_CONTRIBUTOR","permissions":null,"typeName":"user_user_role"},{"id":"6433d651-b141-4634-a00c-c6312d694a54","name":"Editor","role":"ROLE_EDITOR","permissions":null,"typeName":"user_user_role"},{"id":"d65ae4ee-7ad2-11e2-9400-029118418759","name":"Super User","role":"ROLE_SUPER_USER","permissions":null,"typeName":"user_user_role"},{"id":"d682bfda-7ad2-11e2-9400-029118418759","name":"CMS User","role":"ROLE_CMS_USER","permissions":null,"typeName":"user_user_role"}],"paging":{"total":4,"limit":15,"offset":0}},"profiles":{"data":[{"id":"84c775b4-26e4-4285-a0cb-ab642b885442","dateCreated":{"date":"2016-06-21 15:54:31","timezone":"UTC"},"dateUpdated":{"date":"2020-11-04 19:26:55","timezone":"UTC"},"language":"en","title":"Editor","byline":"Elyse Betters Picaro","bureau":"US","authorBio":"Elyse Betters Picaro is an editor based in New York. Previously, she was an editor at 9to5Mac, 9to5Google, and Pocket-lint. She has an MFA from The New School in Manhattan and a BA from the University of Massachusetts at Amherst.","authorDisclosure":"Elyse Betters Picaro has nothing to disclose.","typeName":"user_user_profile"}],"paging":{"total":1,"limit":15,"offset":0}},"profile":{"id":"84c775b4-26e4-4285-a0cb-ab642b885442","dateCreated":{"date":"2016-06-21 15:54:31","timezone":"UTC"},"dateUpdated":{"date":"2020-11-04 19:26:55","timezone":"UTC"},"language":"en","title":"Editor","byline":"Elyse Betters Picaro","bureau":"US","authorBio":"Elyse Betters Picaro is an editor based in New York. Previously, she was an editor at 9to5Mac, 9to5Google, and Pocket-lint. She has an MFA from The New School in Manhattan and a BA from the University of Massachusetts at Amherst.","authorDisclosure":"Elyse Betters Picaro has nothing to disclose.","typeName":"user_user_profile"},"socialProfileIds":{"facebookProfile":null,"facebookPage":null,"twitter":"elysebetters","googlePlus":null,"instagram":"elysebetters"},"suppressProfile":false,"editions":[],"defaultTimezone":"America/New_York","cmsDisplayName":"Elyse Betters Picaro","authorBlogs":[{"title":"Business Bargain Hunter","slug":"business-bargain-hunter"}],"language":"en","title":"Editor","byline":"Elyse Betters Picaro","bureau":"US","authorBio":"Elyse Betters Picaro is an editor based in New York. Previously, she was an editor at 9to5Mac, 9to5Google, and Pocket-lint. She has an MFA from The New School in Manhattan and a BA from the University of Massachusetts at Amherst.","authorDisclosure":"Elyse Betters Picaro has nothing to disclose."},"dateCreated":{"date":"2020-04-06 17:24:05","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2020-04-06 17:24:11","timezone":"UTC","timezone_type":3},"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":"Getty Images/iStockphoto","alt":"Technology Security Concept.","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"Malware is rife, and protection isn’t just a good idea, it’s a must. A roundup of the best software and apps for Windows and Mac computers, as well as iOS and Android devices, to keep you and your data safe from malware and viruses.","promoTitle":null,"slug":"best-antivirus","title":"Best antivirus software","topic":{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"96093490-341e-45e4-b27a-bf297aa2c5bb","deleted":false,"leaf":false,"topicPath":[{"id":"9d3e6108-0023-11e4-95d2-02911863765e","name":"Innovation","typeName":"content_topic","slug":"innovation","languages":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"4c7171e8-08ca-11e4-9732-00505685119a","name":"Innovation","description":"Discover the best technology ideas emerging from around the globe and how they are promising to help build a better future.","language":"en","slug":"innovation","vanityUrl":null,"typeName":"content_topic_language"}]}],"descendantCount":16,"type":{"id":"31bc3a04-c7a0-4fc1-b073-372a09f0cb0c","title":"Content","description":"Content","dateUpdated":null,"typeName":"content_topic_type"},"authors":{"data":[],"paging":{"total":0,"limit":15,"offset":0}},"editions":{"data":[{"topic":"96093490-341e-45e4-b27a-bf297aa2c5bb","edition":{"key":"au","label":"AU","prefix":"au/","lang":"en","translationLocale":"en_AU","locales":["en-au","en-nz"],"timezone":"Australia/Sydney","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"AU Edition","currency_name":"AUD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"3b89b412-4197-4c0e-8efc-adc1ed34c324","typeName":"content_topic_edition"},{"topic":"96093490-341e-45e4-b27a-bf297aa2c5bb","edition":{"key":"us","label":"US","prefix":"","lang":"en","translationLocale":"en_US","locales":["en-us"],"timezone":"America/Los_Angeles","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"US Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"439ffcd3-b1d2-4ba3-bd3e-3a8a3a14b877","typeName":"content_topic_edition"},{"topic":"96093490-341e-45e4-b27a-bf297aa2c5bb","edition":{"key":"uk","label":"UK","prefix":"uk/","lang":"en","translationLocale":"en_GB","locales":["en-gb","en-ie","en-za","ka-ge","fa-ir","ar-iq","he-il","ar-jo","ar-kw","ar-lb","ar-om","ar-ps","ar-qa","ar-sa","ar-sy","ar-ae","ar-ye"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"UK Edition","currency_name":"STG","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"7f8132dc-66e4-4f0c-9926-da32896f9819","typeName":"content_topic_edition"},{"topic":"96093490-341e-45e4-b27a-bf297aa2c5bb","edition":{"key":"as","label":"Asia","prefix":"as/","lang":"en","translationLocale":"en_SG","locales":["fa-af","hy-am","az-az","bn-bd","dz-bt","ms-bn","zh-cn","km-kh","en-hk","zh-hk","in-id","ja-jp","kk-kz","ky-kg","lo-la","ms-my","dv-mv","mm-mn","my-mm","ne-np","kr-kp","en-pk","en-ph","en-sg","si-lk","ko-kr","tg-tj","zh-tw","th-th","pt-tl","tk-tm","uz-uz","vi-vn"],"timezone":"Asia/Singapore","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"Asia Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"a7006afb-8079-4b3c-b7d9-84ef90a8050e","typeName":"content_topic_edition"},{"topic":"96093490-341e-45e4-b27a-bf297aa2c5bb","edition":{"key":"in","label":"India","prefix":"in/","lang":"en","translationLocale":"en_IN","locales":["en-in"],"timezone":"Asia/Kolkata","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"India Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"e69b578c-37aa-435b-9e42-12a533a9806d","typeName":"content_topic_edition"},{"topic":"96093490-341e-45e4-b27a-bf297aa2c5bb","edition":{"key":"eu","label":"EU","prefix":"eu/","lang":"en","translationLocale":"en_GB","locales":["de-at","ar-bh","en-be","bg-bg","el-cy","cs-cz","da-dk","pt-pl","et-ee","fi-fi","fr-fr","de-de","el-gr","hu-hu","it-it","lv-lv","lt-lt","de-lu","fr-lu","en-mt","nl-nl","pl-pl","pt-pt","ro-ro","sk-sk","sl-sl","es-es","sv-se","fr-ch","de-ch","tr-tk"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"EU Edition","currency_name":"Euro","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"f7bff5b1-8feb-436c-a042-f7539003e29d","typeName":"content_topic_edition"}],"paging":{"total":6,"limit":15,"offset":0}},"languages":{"data":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"fb83f3a1-5cf0-4fed-9d1f-62310666bbf3","name":"Services & Software","description":null,"language":"en","slug":"services-software","vanityUrl":null,"typeName":"content_topic_language"}],"paging":{"total":1,"limit":15,"offset":0}},"name":"Services & Software","description":null,"slug":"services-software","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"},{"body":null,"dek":"We don’t just test VPN provider performance in this in-depth analysis. We go out onto the internet, gather performance data from all across the web, and let you know which provider — according to VPN performance tests independently conducted by eleven different publications — has the best overall and most consistent performance.","description":"We don’t just test VPN provider performance in this in-depth analysis. We go out onto the internet, gather performance data from all across the web, and let you know which provider — according to VPN performance tests independently conducted by eleven different publications — has the best overall and most consistent performance.","edition":{"key":"us","label":"US","prefix":"","lang":"en","translationLocale":"en_US","locales":["en-us"],"timezone":"America/Los_Angeles","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"US Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"image":{"id":"d47ed6d4-38b5-40f8-ac33-240a9e51b53c","title":"Man working on laptop in futuristic digital backgroud. High speed browsing .","filename":"istock-1066603764.jpg","path":"https://gcp-prod-image-resizer.zdnet.com/i/2021/02/01/d47ed6d4-38b5-40f8-ac33-240a9e51b53c/istock-1066603764.jpg","caption":"
Man working on laptop in futuristic digital backgroud. High speed browsing .
","tags":[],"size":1022310,"width":1600,"height":1069,"author":{"id":"781a4b26-f4ec-4df5-84ed-c2775cdfd86f","username":"ebetters","email":"epicaro@redventures.com","firstName":"Elyse","middleName":null,"lastName":"Betters Picaro","dateCreated":{"date":"2016-06-21 00:00:00","timezone":"UTC"},"dateUpdated":{"date":"2020-12-07 15:47:59","timezone":"UTC"},"ursId":"27051783234840286590268119258902","roles":{"data":[{"id":"61591c5b-7555-45d4-af72-0fb74bc50390","name":"Contributor","role":"ROLE_CONTRIBUTOR","permissions":null,"typeName":"user_user_role"},{"id":"6433d651-b141-4634-a00c-c6312d694a54","name":"Editor","role":"ROLE_EDITOR","permissions":null,"typeName":"user_user_role"},{"id":"d65ae4ee-7ad2-11e2-9400-029118418759","name":"Super User","role":"ROLE_SUPER_USER","permissions":null,"typeName":"user_user_role"},{"id":"d682bfda-7ad2-11e2-9400-029118418759","name":"CMS User","role":"ROLE_CMS_USER","permissions":null,"typeName":"user_user_role"}],"paging":{"total":4,"limit":15,"offset":0}},"profiles":{"data":[{"id":"84c775b4-26e4-4285-a0cb-ab642b885442","dateCreated":{"date":"2016-06-21 15:54:31","timezone":"UTC"},"dateUpdated":{"date":"2020-11-04 19:26:55","timezone":"UTC"},"language":"en","title":"Editor","byline":"Elyse Betters Picaro","bureau":"US","authorBio":"Elyse Betters Picaro is an editor based in New York. Previously, she was an editor at 9to5Mac, 9to5Google, and Pocket-lint. She has an MFA from The New School in Manhattan and a BA from the University of Massachusetts at Amherst.","authorDisclosure":"Elyse Betters Picaro has nothing to disclose.","typeName":"user_user_profile"}],"paging":{"total":1,"limit":15,"offset":0}},"profile":{"id":"84c775b4-26e4-4285-a0cb-ab642b885442","dateCreated":{"date":"2016-06-21 15:54:31","timezone":"UTC"},"dateUpdated":{"date":"2020-11-04 19:26:55","timezone":"UTC"},"language":"en","title":"Editor","byline":"Elyse Betters Picaro","bureau":"US","authorBio":"Elyse Betters Picaro is an editor based in New York. Previously, she was an editor at 9to5Mac, 9to5Google, and Pocket-lint. She has an MFA from The New School in Manhattan and a BA from the University of Massachusetts at Amherst.","authorDisclosure":"Elyse Betters Picaro has nothing to disclose.","typeName":"user_user_profile"},"socialProfileIds":{"facebookProfile":null,"facebookPage":null,"twitter":"elysebetters","googlePlus":null,"instagram":"elysebetters"},"suppressProfile":false,"editions":[],"defaultTimezone":"America/New_York","cmsDisplayName":"Elyse Betters Picaro","authorBlogs":[{"title":"Business Bargain Hunter","slug":"business-bargain-hunter"}],"language":"en","title":"Editor","byline":"Elyse Betters Picaro","bureau":"US","authorBio":"Elyse Betters Picaro is an editor based in New York. Previously, she was an editor at 9to5Mac, 9to5Google, and Pocket-lint. She has an MFA from The New School in Manhattan and a BA from the University of Massachusetts at Amherst.","authorDisclosure":"Elyse Betters Picaro has nothing to disclose."},"dateCreated":{"date":"2021-02-01 15:16:32","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2021-02-01 15:16:34","timezone":"UTC","timezone_type":3},"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":"Getty Images/iStockphoto","alt":"Man working on laptop in futuristic digital backgroud. High speed browsing .","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"We don’t just test VPN provider performance in this in-depth analysis. We go out onto the internet, gather performance data from all across the web, and let you know which provider — according to VPN performance tests independently conducted by eleven different publications — has the best overall and most consistent performance.","promoTitle":null,"slug":"fastest-vpn","title":"The fastest VPNs","topic":{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"e5be9bf6-59dd-4954-b3b3-ee691565f832","deleted":false,"leaf":true,"topicPath":[{"id":"9d3e6108-0023-11e4-95d2-02911863765e","name":"Innovation","typeName":"content_topic","slug":"innovation","languages":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"4c7171e8-08ca-11e4-9732-00505685119a","name":"Innovation","description":"Discover the best technology ideas emerging from around the globe and how they are promising to help build a better future.","language":"en","slug":"innovation","vanityUrl":null,"typeName":"content_topic_language"}]},{"id":"113c25b6-ec91-11e3-95d2-02911863765e","name":"Security","typeName":"content_topic","slug":"security","languages":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"81e128a0-08ca-11e4-9732-00505685119a","name":"Security","description":"Software has holes, and hackers will exploit the new vulnerabilities that appear daily. Keep tabs on the latest threats.","language":"en","slug":"security","vanityUrl":null,"typeName":"content_topic_language"}]}],"descendantCount":0,"type":{"id":"31bc3a04-c7a0-4fc1-b073-372a09f0cb0c","title":"Content","description":"Content","dateUpdated":null,"typeName":"content_topic_type"},"authors":{"data":[],"paging":{"total":0,"limit":15,"offset":0}},"editions":{"data":[{"topic":"e5be9bf6-59dd-4954-b3b3-ee691565f832","edition":{"key":"in","label":"India","prefix":"in/","lang":"en","translationLocale":"en_IN","locales":["en-in"],"timezone":"Asia/Kolkata","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"India Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"0c9a94e0-e9e7-4f3b-aef7-035ce925d60f","typeName":"content_topic_edition"},{"topic":"e5be9bf6-59dd-4954-b3b3-ee691565f832","edition":{"key":"as","label":"Asia","prefix":"as/","lang":"en","translationLocale":"en_SG","locales":["fa-af","hy-am","az-az","bn-bd","dz-bt","ms-bn","zh-cn","km-kh","en-hk","zh-hk","in-id","ja-jp","kk-kz","ky-kg","lo-la","ms-my","dv-mv","mm-mn","my-mm","ne-np","kr-kp","en-pk","en-ph","en-sg","si-lk","ko-kr","tg-tj","zh-tw","th-th","pt-tl","tk-tm","uz-uz","vi-vn"],"timezone":"Asia/Singapore","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"Asia Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"2f79772a-d51a-4d75-b4c9-64a8044bdaf6","typeName":"content_topic_edition"},{"topic":"e5be9bf6-59dd-4954-b3b3-ee691565f832","edition":{"key":"uk","label":"UK","prefix":"uk/","lang":"en","translationLocale":"en_GB","locales":["en-gb","en-ie","en-za","ka-ge","fa-ir","ar-iq","he-il","ar-jo","ar-kw","ar-lb","ar-om","ar-ps","ar-qa","ar-sa","ar-sy","ar-ae","ar-ye"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"UK Edition","currency_name":"STG","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"a2d884ae-87aa-4157-8a4f-96f2a6ab39c4","typeName":"content_topic_edition"},{"topic":"e5be9bf6-59dd-4954-b3b3-ee691565f832","edition":{"key":"us","label":"US","prefix":"","lang":"en","translationLocale":"en_US","locales":["en-us"],"timezone":"America/Los_Angeles","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"US Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"a8227a14-763a-4cd8-a8d3-fdb50ee0edab","typeName":"content_topic_edition"},{"topic":"e5be9bf6-59dd-4954-b3b3-ee691565f832","edition":{"key":"au","label":"AU","prefix":"au/","lang":"en","translationLocale":"en_AU","locales":["en-au","en-nz"],"timezone":"Australia/Sydney","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"AU Edition","currency_name":"AUD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"af43c63e-fdc2-46eb-a079-de9d1ec0afa5","typeName":"content_topic_edition"},{"topic":"e5be9bf6-59dd-4954-b3b3-ee691565f832","edition":{"key":"eu","label":"EU","prefix":"eu/","lang":"en","translationLocale":"en_GB","locales":["de-at","ar-bh","en-be","bg-bg","el-cy","cs-cz","da-dk","pt-pl","et-ee","fi-fi","fr-fr","de-de","el-gr","hu-hu","it-it","lv-lv","lt-lt","de-lu","fr-lu","en-mt","nl-nl","pl-pl","pt-pt","ro-ro","sk-sk","sl-sl","es-es","sv-se","fr-ch","de-ch","tr-tk"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"EU Edition","currency_name":"Euro","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"d96dc21f-cf67-4fb3-b017-a21f3aa71489","typeName":"content_topic_edition"}],"paging":{"total":6,"limit":15,"offset":0}},"languages":{"data":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"4ae180c4-8117-47c0-89e5-d91b7db3e373","name":"VPN","description":null,"language":"en","slug":"vpn","vanityUrl":null,"typeName":"content_topic_language"}],"paging":{"total":1,"limit":15,"offset":0}},"name":"VPN","description":null,"slug":"vpn","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"}],"title":"ZDNet Recommends","view":"pinbox_text_list"}” class=”c-shortcodePinbox-textList c-shortcodePinbox-textList_floating g-border-thin-light-bottom g-outer-spacing-top-medium g-outer-spacing-bottom-medium”>
ZDNET Recommends
The hacker, who claimed to be 18 years old, told NYT he had sent a text message to an Uber employee and was able to persuade the staff member to reveal a password after claiming to be a corporate information technology personnel. The social engineering hack allowed him to breach Uber’s systems, with the hacker describing the company’s security posture as weak.
With the employee’s password, the hacker was able to get into the internal VPN, said Acronis’ CISO Kevin Reed in a LinkedIn post. The hacker then gained access to the corporate network, found highly privileged credentials on network file shares, and used these to access everything, including production systems, corporate EDR (endpoint detection and response) console, and Uber’s Slack management interface.
It was not known, though, how the hacker was able to circumvent the two-factor authentication after obtaining the employee’s password, Reed noted.
“This looks bad,” he said, noting that it was likely hackers now could access whatever data Uber had.
Asked if the impact was similar or potentially greater than Uber’s 2016 data breach, Reed told ZDNET the latest compromise was certainly large and “as big as it could be”. Every system Uber operated might have been compromised, he said.
While it was unclear what data the ride-sharing company retained, he noted that whatever it had most likely could be accessed by the hacker, including trip history and addresses.
Given that everything had been compromised, he added that there also was no way for Uber to confirm if data had been accessed or altered since the hackers had access to logging systems. This meant they could delete or alter access logs, he said.
In the 2016 breach, hackers infiltrated a private GitHub repository used by Uber software engineers and gained access to an AWS account that managed tasks handled by the ride-sharing service. It compromised data of 57 million Uber accounts worldwide, with hackers gaining access to names, email addresses, and phone numbers. Some 7 million drivers also were affected, including details of more than 600,000 driver licenses.
Uber later was found to have concealed the breach for more than a year, even resorting to paying off hackers to delete the information and keep details of the breach quiet. The ride-sharing company in 2018 reached a settlement to pay $148 million over the breach and coverup, with the monies distributed across the US states.
RELATED COVERAGE
READ MORE HERE