Towards the end of last week, ride-hailing firm Uber announced that it was conducting an investigation after the platform’s internal communications and engineering systems were breached. The hacker then sent images of email, cloud storage and code repositories to the media.
On September 16 at 10:30am Pacific Time, Uber offered an update about the incident on its website, stating that: it has no evidence that the incident involved access to sensitive user data (like trip history); all its services including Uber, Uber Eats, Uber Freight, and the Uber Driver app were operational; and that internal software tools that it had taken down as a precaution were coming back online that morning.
On September 15 at 6:25pm Pacific Time, Uber announced via its website that the platform was “responding to a cybersecurity incident,” adding that the company was already in touch with law enforcement.
Following the breach, Uber staff were instructed not to use Slack for their workplace communications. Just before the Slack system was taken offline, Uber employees received a message that read: “I announce I am a hacker and Uber has suffered a data breach.”
According to the BBC, it seemed that the hacker was later able to gain access to Uber’s other internal systems, as the intruder posted an explicit photo on the company’s internal information page for staff.
Media reports indicate that the hacker, reportedly an 18-year-old, has been working on his cyber-security skills for several years and hacked the Uber systems because “they had weak security”. The intruder also said that Uber drivers should receive higher pay.
Cybersecurity experts and analysts have since come forward to offer their perspective on the breach and to propose steps that organisations can take to guard their systems and data against such breaches in future.
John Shier, the senior security advisor at Sophos, emphasised the importance of identity management systems for organisations.
“The Uber hack demonstrates how important identity management backed by strong authentication, such as hardware security keys, are for privileged systems, and why today’s organizations need the ability to detect when attackers exploit, misuse or steal credentials. As we’ve seen in recent high-profile attacks against large organizations, persistent attackers can and will find a way around multi-factor authentication systems that rely solely on time-based one-time passwords (TOTP) or push-based authentication. The need for compartmentalized access to critical resources, strong authentication and detection of identity-based activity is an important part of an organization’s layered defenses,” said Shier.