Uber hacked, company assessing severity of losses
Uber says it is working with law enforcement to investigate a data hack that may have given a hacker widespread access to all of the firm's data and systems.
This is not the first time that Uber has been hacked, but as yet it's not known to what extent the breach has been successful.
Uber has tweeted about the incident, and according to the Wall Street Journal, it is confirmed that a hacker did gain at least some access.
Reportedly, the hacker first gained access to Uber's account with security firm HackerOne. That firm's researchers say that the hacker provided screenshots showing Uber's systems ranging from its Amazon Web Services accounts, to Google cloud services.
"We got alerted to this promptly by our customer Uber," Marten Mickos, HackerOne's chief executive, said in a text message to the publication. "We locked access to their data in order to protect it. We have a team assisting them in their investigation."
It's not clear how the hack was initially identified, and the Wall Street Journal says it has not been able to verify the hacker's claims. That includes whether the hacker is one identifying himself or herself as Tea Pot.
Tea Pot has both claimed to be the hacker, and reportedly said that the hack was done by tricking an Uber employee into giving them access to the company's private network.
If the breach is as severe as reported, it won't be the company's first massive breach.
Former Uber security chief, Joe Sullivan, was fired after a 2016 data breach. He is this week standing trial over accusations that he paid the hackers' ransom in order to hide that there had been a breach. Sullivan denies this.
Read on AppleInsider
This is not the first time that Uber has been hacked, but as yet it's not known to what extent the breach has been successful.
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.
-- Uber Comms (@Uber_Comms)
Uber has tweeted about the incident, and according to the Wall Street Journal, it is confirmed that a hacker did gain at least some access.
Reportedly, the hacker first gained access to Uber's account with security firm HackerOne. That firm's researchers say that the hacker provided screenshots showing Uber's systems ranging from its Amazon Web Services accounts, to Google cloud services.
"We got alerted to this promptly by our customer Uber," Marten Mickos, HackerOne's chief executive, said in a text message to the publication. "We locked access to their data in order to protect it. We have a team assisting them in their investigation."
It's not clear how the hack was initially identified, and the Wall Street Journal says it has not been able to verify the hacker's claims. That includes whether the hacker is one identifying himself or herself as Tea Pot.
Tea Pot has both claimed to be the hacker, and reportedly said that the hack was done by tricking an Uber employee into giving them access to the company's private network.
If the breach is as severe as reported, it won't be the company's first massive breach.
Former Uber security chief, Joe Sullivan, was fired after a 2016 data breach. He is this week standing trial over accusations that he paid the hackers' ransom in order to hide that there had been a breach. Sullivan denies this.
Read on AppleInsider
Comments
It was great to learn programming in the 1980s, where networking was not available to the hobbyist. These days, it's so cheap to run simple intrusion tests that you have to assume that any weakness in your security is going to be at least noticed (and more likely, actively exploited) within minutes of deployment.
Apple's not perfect in this regard - we've seen numerous issues from their software and systems relating to input validation failures - but they have always treated security as an important aspect of everything they do rather than a bolt-on. Uber and companies like them are learning that this is what you have to do in today's world.