A hacker appears to have breached Uber’s internal systems, gaining administrative access to its AWS, HackerOne, Google Workspace, Slack, vSphere, and financial accounts. The hacker, who claims to be 18 years old, tells The Washington Post that they may leak Uber’s source code “in a few months.”
Uber is currently investigating the breach with help from the authorities. It has not commented on the incident, nor has it confirmed the severity of the hack. At the time of writing, we only have information provided by the alleged hacker (who is freely sharing screenshots of Uber’s internal systems) and Uber employees.
The hacker didn’t have much trouble breaking into Uber’s systems. They simply tricked an Uber employee into sharing VPN details. Once the hacker accessed Uber’s VPN, they scanned the company’s intranet and found admin login credentials in a powershell script.
Apparently there was an internal network share that contained powershell scripts…
"One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite" pic.twitter.com/FhszpxxUEW
— Corben Leo (@hacker_) September 16, 2022
These login credentials unlocked Uber’s internal systems. The hacker quickly leaked Uber’s financial data and commented on all of its HackerOne tickets. Oddly enough, they also replaced Uber’s internal webpages with photos of genitalia, accompanied by short messages about how Uber employees are “wankers.” So, the teenage hacker is probably British.
The hacker even announced their presence on Uber’s Slack, flatly stating “I am a hacker and Uber has suffered a data breach.” They concluded their message with “#uberunderpaisdrives,” a reference to Uber’s refusal to classify drivers as full-time workers.
Uber employees thought that the Slack message was a joke. They responded with tons of emoji, Spongebob memes, and the infamous “it’s happening” GIF.
We still don’t know the full extent of this data breach. But for what it’s worth, it seems that this hacker is more interested in antagonizing Uber leadership than collecting personal data. Our main concern is the Uber source code—if it leaks, it will probably reveal new vulnerabilities in Uber’s internal systems.
Source: The Washington Post