A hacker appears to have broken into Uber’s internal systems and gained administrative access to its AWS, HackerOne, Google Workspace, Slack, vSphere, and financial accounts. The hacker, who claims to be 18 years old, tells The Washington Post that they could leak Uber’s source code “in a few months.”
Uber is currently investigating the breach with the help of the authorities. It has not commented on the incident or confirmed the seriousness of the hack. At the time of writing, we only have information provided by the alleged hacker (who is sharing screenshots of Uber’s internal systems) and Uber employees.
The hacker had no major problems breaking into Uber’s systems. They simply tricked an Uber employee into sharing VPN details. Once the hacker accessed Uber’s VPN, they scanned the company’s intranet and found the administrator’s credentials in a PowerShell script.
Apparently there was an internal network share that contained powershell scripts…
“One of the powershell scripts contained the username and password for an admin user in Thycotic (PAM). With this I was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite” pic.twitter.com/FhszpxxUEW
— Corben Leo (@hacker_) 09/16/2022
These credentials unlocked Uber’s internal systems. The hacker quickly leaked Uber financial data and commented on all of the HackerOne tickets. Curiously, they also replaced Uber’s internal webpages with photos of genitals, accompanied by brief messages about Uber employees being “jerkers.” So the teenage hacker is probably British.
The hacker even announced their presence on Uber’s Slack, bluntly saying, “I’m a hacker and Uber suffered a data breach.” They closed their message with “#uberunderpaisdrives,” a reference to Uber’s refusal to classify drivers as full-time employees.
Uber employees thought the Slack message was a joke. They responded with tons of emojis, SpongeBob memes, and the infamous It Happens GIF.
We still don’t know the full extent of this data breach. But for what it’s worth, this hacker seems more interested in pissing off the Uber leadership than collecting personal information. Our main concern is the Uber source code – if it leaks it will likely reveal new vulnerabilities in Uber’s internal systems.
Source: The Washington Post