On September 15th, a hacker who identified as 18 years old gained access to the computer sharing network that Uber uses. Once the hacker breaks into Uber system, they proceeded to publish sexual photos and remarks on the Slack channel that belonged to the company. The ride-hailing company had no alternative but to shut down its services since the situation had deteriorated, so it was impossible to prevent any more damage from taking place.
When questioned about the potential flaw in the organization’s security, the staff members said they could not do searches using any of the organization’s computers, including their own. An Uber employee claimed that whenever he tried to view a page, he was either sent to a male pornographic website or met with a message saying, “f**k you wankers.”
Despite this, the messages continued to be consistent, and soon after, Uber’s slack received a post that appeared to have originated from the hacker’s end; the post read that they had discovered a vulnerability “I at this moment acknowledge that I am a hacker and that Uber has been the victim of a data breach. We ask that you refrain from using any of Uber’s services.”
It has been determined that slack was stolen, along with the private data of Confluence, the stash, and two mono repos from Phabricator. In addition to this, the most tightly held secrets about shoes have been stolen. The hashtag #uberunderpaisdrives was added as a reaction to the message that was sent out after it.
However, this attack was carried out on Uber’s internal systems; the hack did not harm the company’s fleet of cars and its logistical side. The attack was carried out on Uber’s internal systems. Despite this, it was an extremely hazardous approach since it granted the complete hacker control over the data that belonged to the organization.
They have access to the vast majority of Uber’s services. According to the evidence, this is a complete surrender on both parties’ parts. According to the findings of bug bounty hunter Sam Curry, this includes obtaining full access to the cloud environments maintained by Amazon and Google, which are the locations where Uber stores its source code and user data.
Following an exhaustive investigation, it was found that the hacker got into the system by sending a worker a false text message that made it look like the hacker was from the IT department. This was done to make it appear that the hacker was from the IT department. Because of this, the worker fell for the ruse and divulged their password, which gave the hacker access to the system.
After receiving hundreds of questions, Uber made a statement on its Twitter account stating, “We are currently addressing a cybersecurity concern.” The response was published after Uber received the questions. We are now in discussion with the relevant authorities, and when more details become available, we will post them on this page as they become accessible.
If you want to know more then click here.