In yet another data breach incident, an allegedly 18-year-old hacker had gained access to Uber’s systems, including high-priority data and credentials. The case was first reported by the New York Times. The 19-year-old also spoke to the New York Times, claiming that he hacked into Uber because its cybersecurity framework had several loopholes.
According to the New York Times, the hacker used social engineering to convince an Uber employee to share their Slack account. From there, the hacker went on to access Uber’s production systems, EDR portal, and Slack management platform. Twilio, Okta, and Mailchimp were hacked earlier this year using similar tactics. According to reports, the hacker even gained access to Uber’s Amazon Web Services and Google Cloud Services.
After hacking into the system, the hacker sent a message to all Uber employees claiming that it had been hacked. The hacker also allegedly demanded better pay for drivers. According to Kevin Reed of cybersecurity firm Acronis, the hacker had access to any and all user information on Uber. Anyone who has uploaded their personal information to Uber is at risk of their data being compromised. Reed added that it’s unclear how the hacker bypassed two-factor authentication.
Cybersecurity breaches are becoming more and more common. In the constant tussle between cybersecurity firms and hackers, the latter seems to be ahead. Uber announced that it would investigate the hack with the help of leading cybersecurity companies. In the past, Uber has been accused of hiding information on hacks and data breaches.