On Thursday afternoon, an unknown attacker breached Uber’s internal systems, gaining access to the company’s vulnerability reports, Google Workspace email admin dashboard and Slack server, to which the attacker reportedly posted several messages.
The attacker shared screenshots as proof of the breach, which indicated full access to critical company IT systems, including Uber’s security software and Windows domain. Other affected systems include the company’s AWS console and VMware ESXi virtual machines.
The hacker even identified themselves in the Uber Slack channel, claiming that the company had been hacked and disclosing their access to systems. Uber employees, however, took that as a joke.
According to The New York Times, which first reported the breach, the attacker claims to have targeted an Uber employee in a social engineering attack and stolen their credentials, which were then used to access the company’s VPN and eventually its intranet. Uber has since confirmed the breach on Twitter and is working with law enforcement agencies to respond to the threat.
The hacker, who’s reportedly 18 years old, claimed he hacked Uber for fun and is considering selling the source code. They also laid out their roadmap for Uber in conversation with cybersecurity researcher Corben Leo. Apparently, there was a network share on Uber’s intranet containing a number of PowerShell scripts, one of which contained credentials for an admin user, which helped the attacker gain access to the aforementioned systems.
However, Uber’s problems have just begun. Yuga Labs security engineer Sam Curry claims that the hacker also had access to Uber’s HackerOne bug bounty program and reportedly downloaded all vulnerability reports before losing access.
In conversation with BleepingComputer, Curry revealed that he himself learned of the breach when the attacker left a comment on a HackerOne vulnerability submission that he had turned in around two years ago. HackerOne has since disabled the Uber bug bounty program in an attempt to cut access to the disclosed vulnerabilities. That said, it wouldn’t be surprising to see them being sold on hacker forums shortly.