Uber computer systems hacked: 18-year-old claims to be behind the breach

Uber investigates the security breach of their computer systems

Hackers revealed system vulnerabilities due to the breach

Uber suffered a cyberattack in which a hacker accessed the company's vulnerability reports and shared screenshots of its internal systems, email dashboards, and Slack server. People working for Uber thought it was a joke, and a teenager came forward claiming to be responsible for the hacking and the information breach.[1] The revealed screenshots show what appears to be full access to various critical Uber IT systems, the company's security software, and the Windows domain.[2]

The hacker accessed the company's Amazon Web Services console, VMware ESXi virtual machines, Google Workspace email admin dashboard, and Slack server. In the latter, the hacker posted messages.[3] Uber's employees were greeted with a message stating that the poster was the one who had breached the computer systems. The hacker listed confidential company information.

Uber confirmed the attack and stated that the company is in touch with law enforcement and will post any findings after the investigation is done:

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available

Gaining access using social engineering

Initial reports on this incident stated that the threat actor breached Uber's computer systems after performing a social engineering attack on an employee and stealing their passwords. The hacker then gained access to the company's internal computer systems using those employee credentials. Social engineering[4] is one of the more common and popular attack tactics, and it has been used against companies that suffered breaches before.

After the company discovered the incident, users were notified not to use the internal messaging services and Slack. The hacker had compromised accounts on Slack and used those to send messages and post things. The threat actor posted an explicit photo on the internal information page for employees of Uber.

The hacker provided those screenshots and claimed to be 18 years old, saying that he had been working on cybersecurity attacks for several years, building attack skills. He said that he broke into Uber's systems because the company had weak security, and he wanted to prove that. He also claimed that Uber drivers should receive higher pay for their job.

More important details were revealed during the breach

This particular cybersecurity incident exposed HackerOne vulnerability reports. Threat actors can steal data and source code from Uber during such attacks. This particular attacker accessed more valuable information because the HackerOne bug bounty program was accessed during the breach.[5] The hacker indicated that the access was gained by leaving a comment on the flaw report that was submitted to Uber two years ago.

A bug bounty program allows security researchers to privately disclose vulnerabilities in various systems and apps. These reports can be exchanged for monetary bug bounty rewards. The flaw reports are meant to be kept confidential until fixes are released, to prevent attackers from abusing the information in attacks.

It appears that the threat actor accessed all of the company's private vulnerability submissions on this HackerOne bug bounty program. The company disabled the Uber bug bounty program to cut access to these discovered vulnerabilities.

About the author
Gabriel E. Hall

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
