fbpx

Uber Completely Pwned By Teenager | “I announce I am a hacker, and Uber has suffered a data breach,” the 18-year-old hacker wrote in an email to every Uber employee. Employees thought it was a joke!

Uber Completely Pwned By Teenager – You would think that with all the money Uber has thrown around since its inception until now, the company would have put a little more funds into cybersecurity. But unfortunately, that does not appear to be the case. Uber’s operations are still halted after an 18-year-old hacker gained complete access to the company’s network, which security experts describe as a “complete compromise” of Uber’s internal systems.

The hacker gained access to all of Uber’s internal systems, including source code, internal internet and email networks, and Slack communication channels. The adolescent even posted an explicit image on an internal employee information page and messages demanding higher pay for drivers. If you’re going to turn the inner workings of a major corporation into your personal playground, you might as well include class consciousness.

The New York Times communicated with the alleged hacker, who explained how he accomplished the feat.

According to the teen who claimed responsibility for the hack, he sent a text message to an Uber employee posing as a corporate information technology person. Social engineering was used to persuade the worker to hand over a password that allowed the hacker access to Uber’s network.

Uber Completely Pwned By Teenager – Here’s how he got access:

  1. Bought a $10 stolen employee VPN credentials from the dark web. Apparently, the credentials belonged to an Uber developer.
  2. Tried to access the internal systems but was stopped by the VPN two-factor authentication.
  3. Posed as an Uber IT employee and communicated with the developer to get him to approve the 2FA notification sent via phone. He insisted for about an hour until the developer approved access.
  4. Proceeded to access the network and found a PowerShell script containing a hardcoded super admin username and password.
  5. Used credentials to get into major Uber infrastructure, including servers.

“These types of social engineering attacks to gain a foothold within tech companies are on the rise,” said Rachel Tobac, CEO of SocialProof Security. Ms. Tobac cited the 2020 Twitter hack, in which teenagers used social engineering to gain access to the company. Recent breaches at Microsoft and Okta used similar social engineering techniques.

No alt text provided for this image

The teen hacker provided screenshots of internal Uber systems to demonstrate his access. He claimed to be 18 years old and had spent several years honing his cyber security skills. He claimed he broke into Uber’s systems due to the company’s lax security. The person who announced the breach on Slack also stated that Uber drivers should be paid more.

There is no estimate for when Uber expects to regain control of its systems. Uber is still under the control of an 18-year-old hobbyist. However, the hacker should exercise caution because he has reached the age where he can be tried as an adult if authorities are able to identify and apprehend him.

NEXT MASTERCLASS Cyber Security On A Budget: Protect Your Small Business From Hackers

Sharing is Caring!

You are welcome to put this blog article on your website, provided you also append an active link to our website “Source: https://rhyno.io/blogs/”

For media enquiries, contact us at [email protected]

MANAGED CYBERSECURITY SOLUTIONS

Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.

GO TO CYBERSECURITY SOLUTIONS

About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.

Privacy Preference Center