- A hacker has been able to gain access to Uber’s internal systems.
- According to cybersecurity experts, the hacker used social engineering tactics to get an Uber employee to divulge critical access information.
- Uber suffered a similar hack in 2016, where hackers got the details of 57 million drivers and rider accounts.
An unidentified 18-year-old claimed responsibility for gaining full access to Uber's internal systems on Thursday, September 16, 2022. The company confirmed this in a tweet, saying there was a cybersecurity incident and responding to it.
Per the New York Times, the hacker sent images of the email and code repositories to cybersecurity researchers and sent a message to Uber staff that read, "I announce I am a hacker, and Uber has suffered a data breach." The hacker even went on to post an image of the male genitalia on the company's internal website.
Sam Curry, a bug bounty hunter and Staff Security Engineer at Web3 company Yuga Labs, said the breach was a total compromise.
How did the hacker get in?
The hacker told New York Times that he was able to get into the company's internal system by texting an Uber employee as a corporate information technology person. The employee believed him and gave away vital login information.
It's not a hack per se
The type of attack employed by the 18-year-old hacker is known as a social engineering attack, where a person's ability to be deceptive is what works.
According to Gizmodo, the hacker got access to the employee's VPN, which enabled it to get a hold of Uber's corporate network. From there, the hacker allegedly saw a document with corporate information technology; this made it easy to gain full access to the company's system.
This has happened before
This is not the first time hackers have used social engineering to infiltrate companies. In 2020, teenage hackers were able to breach Twitter and control users' accounts.
Hackers were able to use the accounts of famous people like former US President Barack Obama and American Rapper, Kanye West to request donations in Bitcoin. The hackers reportedly made $110,000 from the hack.
Uber has also been hacked before. In 2016, hackers could steal the information of 57 million drivers and riders and demanded $100,000.
The hack of top tech companies like Twitter and Uber calls into question the importance of cybersecurity in not just tech companies but government agencies. In July 2022, a global cybersecurity and digital privacy company Kaspersky discovered a backdoor targeting government and NGOs across the Middle East, Turkey and Africa.
In Africa, cybersecurity hasn't always been that much of a concern too. In 2020, hackers got access to data from Nigerian and Kenyan universities.
Pakistani Penetration Tester, Touseef Gul, told Techpoint Africa that a simple surface search on the primary domain of these university websites (URL) revealed bugs that could be used to breach them without having to go deep into their systems.
While Africans might not be bothered by data breaches, this article shows that there's much reason for concern. From identity theft to financial data theft, Africa should start taking cybersecurity seriously.