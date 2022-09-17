Uber suffered a cyberattack this past Thursday (15), which may have compromised much of the company’s internal system. According to data released by The New York Times yesterday, an 18-year-old hacker gained access to several of the company’s communication and IT schemes – such as vulnerability reports, Google Workspace area, Slack server, security software, Windows domain, among others. According to the American portal, which managed to contact the intruder, the motivation for the attack would be the fact that “the company has weak security”.

To gain entry into the system, the hacker allegedly applied the technique of “social engineering” often used by cybercriminals for such attacks. Thus, through Slack, the attacker tricked an Uber employee and made him hand over a password that guaranteed access to the company’s administration systems. For now, it is not yet known whether the security flaw could impact users.

Multiple internal systems of the private racing company were compromised during this hacking attack. According to the information revealed so far, in addition to Uber’s communication areas – which include employees’ work emails and messengers -, VMware ESXi virtual machines and cloud management applications such as Amazon Web Services and Google Cloud, also were exposed.

The risk here is that Uber keeps highly confidential information on these cloud storage services. Some examples of this are the source code of the application for Android and iPhone (iOS) cell phones and the desktop version of the platform, and numerous customer data – such as names, most frequented addresses, credit card and cell phone numbers.

In addition, information was also kept from the company’s HackerOne program, which rewards “freelance” developers for identifying bugs and security holes in the app. According to information from the BleepingComputer portal, the hacker would have downloaded all the vulnerability reports of the app that were available on this platform, including those that were still in the correction phase – which represents an even greater risk for Uber, as it may expose more weaknesses. of the company’s system.

On the same day as the failure, the company posted a tweet on its official profile to inform customers about the case and provide updates on the resolution. In it, the company informs that it is already in contact with the local authorities and that, soon, will return with more information.

We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will bring updates [sobre o caso] as they become available”, says the note, in free translation.

wanted by TechTudo For an official position on the case, Uber re-posted the tweet shown above. The company did not say whether the breach poses potential risks to users.

With information from The New York Times and BleedingComputer

