Uber says its services are up and running again after severe breach: NPR

An Uber sign is displayed at the company’s headquarters in San Francisco on Monday.

Jeff Chiu/AP

hide caption

toggle caption

Jeff Chiu/AP

An Uber sign is displayed at the company’s headquarters in San Francisco on Monday.

Jeff Chiu/AP

Ride-sharing service Uber said Friday that all of its services were up and running following what security professionals called a major data breach. He said there was no evidence the hacker gained access to sensitive user data.

What appeared to be a lone hacker announced the breach Thursday after apparently tricking an Uber employee into providing credentials.

Screenshots the hacker shared with security researchers indicate that the person gained full access to cloud-based systems where Uber stores sensitive customer and financial data.

It’s unclear how much data the hacker stole or how long he stayed in Uber’s network. Two researchers who contacted the person directly – who identified himself as an 18-year-old to one – said they seemed interested in the ad. There was no indication that they had destroyed any data.

But files shared with researchers and widely circulated on Twitter and other social media indicated the hacker was able to access Uber’s most crucial internal systems.

“It was really bad the access he had. It’s awful,” said Corbin Leo, one of the researchers who spoke with the hacker online.

He said screenshots shared by the person showed the intruder had access to systems stored on Amazon and Google cloud servers where Uber keeps source code, financial data and customer data such as driver’s license.

“If he had the keys to the realm, he could start shutting down services. He could delete things. He could download customer data, change people’s passwords,” said Leo, researcher and development manager commercial of the security company Zellic.

The screenshots the hacker shared – many of which found their way online – showed they had accessed sensitive financial data and internal databases. Among them was one in which the hacker announced the breach in Uber’s internal Slack collaboration system.

Sam Curry, a Yuga Labs engineer who also contacted the hacker, said there was no indication the hacker caused any damage or was interested in anything other than publicity. “My hunch is that it looks like they’re looking to get as much attention as possible.”

Curry said he spoke to several Uber employees on Thursday who said they were “working to lock everything down internally” to restrict the hacker’s access. This included the San Francisco company’s Slack network, he said.

In a statement posted online Friday, Uber said “internal software tools that we removed as a precaution yesterday are back online.”

He said all of his services, including Uber Eats and Uber Freight, were up and running.

The company did not respond to questions from The Associated Press, including whether the hacker had access to customer data and whether that data was stored encrypted. The company said there was no evidence the intruder accessed “sensitive user data” such as ride history.

Curry and Leo said the hacker did not indicate how much data was copied. Uber did not recommend any specific actions for its users, such as changing passwords.

The hacker alerted researchers to the intrusion on Thursday using an internal Uber account on the company’s network used to publish vulnerabilities identified through its bug bounty program, which pays ethical hackers to discover network weaknesses.

After commenting on these posts, the hacker provided a Telegram account address. Curry and other researchers then engaged them in a separate conversation, where the intruder provided screenshots of various pages from Uber’s cloud providers to prove they broke in.

The AP attempted to contact the Telegram account hacker, but received no response.

Screenshots posted to Twitter appear to confirm what the researchers said the hacker claimed: that they gained privileged access to Uber’s most critical systems through social engineering. Indeed, the hacker discovered the password of an Uber employee. Then, posing as a co-worker, the hacker bombarded the employee with text messages asking him to confirm that he had logged into his account. Eventually, the employee relented and provided a two-factor authentication code which the hacker used to log in.

Social engineering is a popular hacking strategy because humans tend to be the weakest link in any network. Teenagers used it in 2020 to hack Twitter and it has more recently been used in hacks by tech companies Twilio and Cloudflare.

Uber has already been hacked.

His former chief security officer, Joseph Sullivan, is now on trial for allegedly paying hackers $100,000 to cover up a 2016 high-tech heist in which the personal information of about 57 million customers and drivers was stolen. been stolen.