Uber reassures its customers following a worrying hack

Uber has shared more details about the hack of the company’s systems a few days ago. The investigation is still ongoing, but Uber can already partially reassure customers: “first and foremost, we have not seen any access to our systems in production […] that drive our apps, nor any user account, user banking information, or shopping history. We also encrypt payment card data and personal health data, which adds an extra layer of protection.”

In other words, according to Uber, there is no indication that the hacker(s) had access to the most sensitive databases – access which would have had the most consequences for customers. Uber adds that it ensured that the actors did not have access to its external databases such as those on Amazon Web Services. The firm also claims to have reviewed its source code – without having found any evidence of any malicious alteration.

Uber doesn’t think hackers will expose its customer data

However, the real impact for the firm remains to be assessed. Uber explains in particular: “It appears that the attacker downloaded some internal Slack messages, in addition to accessing or downloading information from an internal tool that our accounting teams use to manage some of the billing. We are currently analyzing these downloads”.

Uber also acknowledges access to the “dashboard [of the firm] on HackerOne”, a platform where security researchers report bugs and other vulnerabilities. This is a potentially sensitive point, because hackers could subsequently exploit flaws that have not yet been closed. But according to Uber: “the reports the hackers had access to have all already been patched”.

Uber’s internal investigators are at this stage pointing to an attack carried out by one or more hackers affiliated with the Lapsus$ group, which is behind other major recent hacks, such as that of Nvidia. “We are working closely with the FBI and the US Department of Justice on this investigation, and will continue to support their efforts,” adds Uber.

The firm continues its reconstruction of the attack and the aftermath. But beyond that, Uber wants to use this incident to review its internal procedures and generally strengthen the security of its systems. According to initial findings, the hacker(s) first succeeded in compromising the account of an Uber subcontractor.

The subcontractor’s credentials were presumably acquired on the Dark Web. The person concerned refused several 2FA login requests, but Uber explains that the subcontractor ended up inadvertently accepting one, which allowed the malicious actor to enter the firm’s systems. From there, the attacker was able to access several accounts of employees of the firm, which allowed him to gain more and more authorizations and to access more and more internal tools, like G-Suite and Slack.
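
The sequence described above, several refused 2FA prompts followed by one approval, is something a security team can look for in its authentication logs. The following is an added example, not code from Uber or from the original article; the log format, field names and thresholds are assumptions chosen for illustration, and the sample events are constructed.

```python
# Added example: flag an MFA approval that follows a burst of denied prompts.
# Log format, event names and thresholds are assumptions, not a vendor schema.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in chronological order (not real data).
SAMPLE_LOG = """\
2022-01-01T10:00:00Z user=contractor01 event=push_denied
2022-01-01T10:02:10Z user=contractor01 event=push_denied
2022-01-01T10:03:45Z user=contractor01 event=push_denied
2022-01-01T10:06:30Z user=contractor01 event=push_approved
2022-01-01T10:07:00Z user=employee02 event=push_approved
2022-01-01T11:00:00Z user=employee03 event=push_denied
2022-01-01T13:30:00Z user=employee03 event=push_approved
"""

def parse_line(line):
    """Split one 'timestamp key=value ...' line into (time, user, event)."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, fields["user"], fields["event"]

def find_push_fatigue(log_text, min_denials=3, window=timedelta(minutes=15)):
    """Return (user, approval_time, denial_count) for each approval that
    follows at least `min_denials` denied prompts inside `window`."""
    denials = defaultdict(deque)  # user -> timestamps of recent denials
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, user, event = parse_line(line)
        recent = denials[user]
        # Drop denials that have aged out of the window.
        while recent and when - recent[0] > window:
            recent.popleft()
        if event == "push_denied":
            recent.append(when)
        elif event == "push_approved":
            if len(recent) >= min_denials:
                alerts.append((user, when, len(recent)))
            recent.clear()  # an approval ends the current burst
    return alerts

if __name__ == "__main__":
    for user, when, count in find_push_fatigue(SAMPLE_LOG):
        print(f"ALERT {user}: approval at {when} after {count} denied prompts")
```

An alert of this kind is a prompt to contact the account owner and review the session that the approval opened, since a single isolated denial followed much later by an approval is usually routine.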
