Things are very different in the USA, where Uber and its competitor Lyft have long since replaced the taxi. But as convenient as Uber is, it has catching up to do when it comes to security. At least that is what an incident uncovered today by the New York Times (NYT) suggests.
As the well-known US daily newspaper reports, the ride-hailing company was the victim of a massive hacker attack yesterday. As a result, Uber had to deactivate various systems in order to assess the extent of the breach. The person responsible was not a criminal organization or other data thieves, however, but an 18-year-old who, according to his own statements, wanted to draw attention to weak points. As proof of his hack, he provided images of emails, cloud storage, and code repositories.
The scale was and is huge, as security expert Sam Curry told the NYT: “(The person) has almost unrestricted access to Uber. From all appearances, there is a total security gap.”
Hacker Announced Himself via Slack
Above all, how the attack unfolded is remarkable and in places extremely embarrassing. The attacker spoke up himself in the company messenger Slack and wrote there: “I announce that I am a hacker and that Uber has suffered unauthorized data access.”
He then listed what he had access to. The problem: the Uber employees thought it was a joke and flooded the post with various laughing emojis. According to the hacker, who says he is 18 years old and wanted to show how weak Uber's security is, he was able to get login data via social engineering. He texted an Uber employee, posing as an IT worker, and was able to convince the employee to hand over the login data. He could use that data to log in, and there was apparently no two-factor verification for the internal systems.
Media coordinator and junior editor at Research Snipers RS-NEWS. I studied mass communication and am interested in technology business; I have 3 years of experience in the media industry.