Thursday, a hacker claiming to be 18 years old infiltrated Uber’s computer network, causing the app-hail to shut down its system after the cyberattacker bombarded staff with vulgar images and remarks.
According to Sam Curry, an engineer at Yuga Labs who corresponded with the hacker, Uber employees were confronted with images of male private parts and a message that read “F**K YOU DUMB WANKERS.”
The IT firm has requested that law enforcement examine the attack.
There was no evidence that the fleet of cars or operations of the transportation company were disrupted.
.
Uber reported on Twitter that they had been hacked and had notified law police. The hacker sent messages to the employees of the ride-hailing company, informing them that their company’s computer system had been compromised. Some employees ridiculed the hacker, believing it to be a prank.
“They have practically complete access to Uber,” Curry told The New York Times. According to appearances, this is a complete concession. This includes full access to the Amazon and Google-hosted cloud environments where Uber maintains its source code and customer data, he claimed.
According to the Times, the hacker was able to penetrate the system by sending a worker a text message purporting to be from the company’s IT department and getting them to disclose their password.
Once inside, he sent a message to the personnel informing them that their system had been compromised.
Thursday, a hacker claiming to be 18 years old penetrated Uber’s computer network, leading the app-hailing business to shut down its systems.
Uber employees first believed the incident was a joke, and “instead of taking action, a significant section of the team engaged in mockery of the hacker.”
According to the Times, the message read, “I proclaim I am a hacker and Uber has suffered a data breach.”
According to a text message supplied to Curry by a corporate employee, Uber employees first believed the incident to be a prank, and “instead of taking action, a significant section of the crew was talking with and mocking the hacker.”
Several Uber employees told Curry that they were ‘trying to lock down everything internally’ to limit the hacker’s access, including the company’s Slack internal chat network, he added.
The hacker gained access to the system by sending a worker a text message posing as a member of the company’s IT department and persuaded them to reveal their password.
This text message was sent to Uber employees by the company’s IT department following the attack.
All Uber employees must immediately stop using Slack until further notice. We are attempting to rectify an issue and will provide updates as they become available.
According to him, there was no evidence that the hacker had caused any damage or was interested in anything other than notoriety.
Curry stated, “I have the impression that they are seeking as much attention as possible.”
The hacker alerted Curry and other security experts to the incursion by impersonating an internal Uber account to remark on vulnerabilities detected on the company’s network through its bug-bounty program, which pays ethical hackers to identify weaknesses.
The sabotage also suggested that Uber pay its drivers more.
Curry and other researchers engaged the hacker in a separate Telegram conversation, sending screenshots of numerous pages from Uber’s cloud providers to demonstrate their intrusion.
The Associated Press attempted to contact the hacker through the Telegram account where Curry and the other researchers were conversing with him, but he did not respond.
One screenshot provided to Twitter and authenticated by researchers depicts a conversation with the hacker in which they claim to have accessed Uber’s internal network via social engineering after obtaining the credentials of an administrator user.
Uber stated in an email that it was responding to a cybersecurity incident and was in contact with police enforcement. It promised to offer updates via its Uber Comms Twitter account.
According to the Times, the corporation suffered another severe hack in 2016, but lied about it and attempted to cover it up.
In another incident, hackers obtained the personal information of over 600,000 riders and drivers and then demanded $100,000 from the corporation in exchange for the information.
Uber’s cybersecurity chief at the time was dismissed and charged with obstructing justice for failing to notify the Federal Trade Commission of the attack.