One piece of news that has shaken the technology community and taken it by surprise in recent years is undoubtedly the hacking of Uber.

As if it were a bad episode of, that interesting but almost unnoticed series about the rise and fall of the glory days of this platform.

Over the last few days the report emerged, first as a somewhat remote possibility because of the order in which the events occurred, and it was later confirmed that a serious intrusion had indeed taken place. But it would all have been the work of a single hacker, a very young one, whose behavior is not exactly usual for this class of attackers.

All this is now known thanks to new information that has begun to circulate, which confirms not only the incident but also how easy it actually was to gain access to the company's most private information.

What information was compromised in the Uber hack?

Our friends at The Washington Post have published an extensive and interesting article, dated September 16, 2022, with all the details about the hack of this platform.

The most interesting point is that the entire attack would have been initiated by a young hacker just 18 years of age who, once he had entered the company's internal systems and compromised the information, had the courtesy to leave a friendly Slack message for the firm's employees:

As we can see, on September 15, hours before the initial Post report, the people at Uber published a first statement in which they ended up admitting a "cybersecurity incident", which in reality would be much more sensitive than it was made out to be.

While there is no indication that private customer information was compromised, all evidence shared by the attacker suggests that he gained full access to cloud-hosted systems where Uber stores financial and sensitive customer data.

The screenshots of the intrusion show that the boy would have gained access to Uber's servers in the Amazon and Google clouds, where its source code, internal financial data, and customer and partner data are stored, including Uber license numbers.

How an 18-year-old hacked Uber

The most interesting part of this latest round of revelations (via Mashable) is that everything would have been the product of a cunning process of social engineering.

The hacker first obtained the password of an Uber employee, likely through simple phishing.

He would have needed some prior information, such as personal telephone numbers, since in his attack the hacker logged in remotely from his computer, triggering the temporary access block imposed by the two-step notification.

The young man then bombarded the targeted employee with push notifications, the kind that ask the user to confirm a remote login to their account.

When the employee did not respond, the hacker reportedly sent the victim a simple WhatsApp message posing as an unknown IT co-worker.

There the hacker pressed him about the urgency of confirming the remote login in order to move forward with an internal assignment. Finally, the employee relented and confirmed the remote login with a click of his mouse.

Once inside, the hacker found files with access keys to more services and thus began the nightmare for Uber.
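
For defenders, the pattern described above (a burst of unanswered push prompts that ends in a single approval) is easy to spot in authentication logs. The following Python sketch is an added example, not code from Uber or from any of the reports cited here; the event format, the field names, the 10-minute window and the threshold of 5 are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format): ISO time, user, push result.
EVENTS = [
    ("2024-01-10T09:00:10", "bob", "timeout"),    # one missed prompt, then a
    ("2024-01-10T09:00:40", "bob", "approved"),   # normal approval
    ("2024-01-10T13:00:00", "carol", "timeout"),  # missed prompts spread over
    ("2024-01-10T13:15:00", "carol", "timeout"),  # an hour: not a burst
    ("2024-01-10T13:30:00", "carol", "timeout"),
    ("2024-01-10T13:45:00", "carol", "timeout"),
    ("2024-01-10T14:00:00", "carol", "timeout"),
    ("2024-01-10T14:05:00", "carol", "approved"),
    ("2024-01-10T21:00:05", "alice", "timeout"),  # push bombing: six ignored
    ("2024-01-10T21:00:50", "alice", "timeout"),  # prompts in a few minutes,
    ("2024-01-10T21:01:40", "alice", "denied"),   # then the user gives in
    ("2024-01-10T21:02:30", "alice", "timeout"),
    ("2024-01-10T21:03:45", "alice", "timeout"),
    ("2024-01-10T21:05:10", "alice", "timeout"),
    ("2024-01-10T21:07:30", "alice", "approved"),
]

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag approvals preceded by >= threshold unapproved pushes for the
    same user inside the sliding window."""
    pending = defaultdict(deque)  # user -> times of recent unapproved pushes
    alerts = []
    for ts_raw, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        recent = pending[user]
        while recent and ts - recent[0] > window:  # drop pushes outside window
            recent.popleft()
        if result in ("timeout", "denied"):
            recent.append(ts)
        elif result == "approved":
            if len(recent) >= threshold:
                alerts.append({
                    "user": user,
                    "approved_at": ts_raw,
                    "ignored_pushes": len(recent),
                    "burst_seconds": int((ts - recent[0]).total_seconds()),
                })
            recent.clear()  # an approval resets the user's counter
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(EVENTS):
        print(alert)
```

An alert of this kind is a reason to revoke the session and contact the user through a known channel before the approved login is trusted.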