Uber said no private users’ data was compromised in the cyber breach

Uber, a trip-hailing platform turned into in news because of the information breach, and today the organisation made an reputable assertion, wherein the cab aggregator stated that no non-public data of its customers was uncovered inside the records breach through an 18-12 months-vintage hacker.

In its modern announcement, the company stated that its research and reaction efforts are ongoing.”We haven’t any evidence that the incident concerned get right of entry to to touchy consumer data (like ride records),” said Uber.

An 18-yr-vintage hacker had broken into the inner systems of Uber, accomplishing business enterprise equipment together with Amazon Web Services and Google Cloud Platform, and employees concept a person was playing a prank.

The hacker made himself recognised to Uber employees through posting a message at the organisation’s internal communication device Slack.

Uber said that all of our offerings together with Uber, Uber Eats, Uber Freight and the Uber Driver app are operational.

The organization reiterated that it has notified regulation enforcement agencies.

“Internal software gear that we took down as a precaution the day prior to this are coming back online this morning,” the trip-hailing platform added.

In October 2016, hackers hit Uber with a large cybersecurity attack, exposing the exclusive records of 57 million customers and drivers.

This time, the teenage hacker indexed confidential business enterprise statistics and published a hashtag announcing that Uber “underpays its drivers” on inner verbal exchange platform Slack.

The hacker said he broke into the Uber structures due to the fact “they had weak protection”.The tough truth is that maximum orgs in the international may be hacked inside the genuine way Uber become just hacked,” Tobac tweeted. In an interview, she stated “even exceptional tech savvy humans fall for social engineering techniques each day.”

“Attackers are getting higher at by means of-passing or hello-jacking MFA (multi-factor authentication),” said Ryan Sherstobitoff, a senior hazard analyst at SecurityScorecard.

That’s why many protection specialists endorse the use of so-known as FIDO bodily protection keys for consumer authentication. Adoption of such hardware has been spotty amongst tech businesses, however.

The hack additionally highlighted the need for real-time monitoring in cloud-primarily based systems to better stumble on intruders, said Tom Kellermann of Contrast Security. “Much extra interest ought to be paid to protective clouds from inside” because a unmarried grasp key can commonly release all their doorways.

Some professionals questioned how an awful lot cybersecurity has stepped forward at Uber since it became hacked in 2016.

Its former chief security officer, Joseph Sullivan, is currently on trial for allegedly arranging to pay hackers $a hundred,000 to cowl up that high-tech heist, while the personal information of approximately fifty seven million clients and drivers become stolen.The hacker first obtained the password of an Uber worker, likely thru phishing. The hacker then bombarded the employee with push notifications asking they confirm a faraway log-in to their account. When the worker did now not respond, the hacker reached out through WhatsApp, posing as a fellow employee from the IT department and expressing urgency. Ultimately, the employee caved and confirmed with a mouse click on.

Social engineering is a popular hacking approach, as humans tend to be the weakest hyperlink in any network. Teenagers used it in 2020 to hack Twitter and it has more lately been used in hacks of the tech companies Twilio and Cloudflare, said Rachel Tobac, CEO of SocialProof Security, which specializes in training people now not to fall sufferer to social engineering.

    error: Content is protected !!