As more information emerges, here are the latest updates on the Uber hack
This confirms that the investigation and response efforts continue and states that Uber has"no evidence that the incident involved access to sensitive user data " while confirming all Uber services are operational. The update also says that internal software tools that were initially taken offline are also back in operation.
Which is great news as far as it goes. The problem is that the more cynical of readers may cite the very specific language used as not providing real clarity. Saying 'no evidence' is not the same as saying it hasn't happened, combine that with 'sensitive user data' that is only defined in the statement as being 'like trip history', and there are more questions than answers here.
Abhay Bhargav, CEO at AppSecEngineer, says that it appears the MFA phishing attack"led to a PowerShell script getting discovered, with admin credentials to their Thycotic PAM tool. With all credentials being part of this PAM solution, now the entire org was compromised because the PAM had access to Amazon Web Services , Google Workspace, Slack and more.
"This attack has left Uber with a significant amount of data leaked with the potential of including customer and driver’s personal data," Jake Moore, global cyber security advisor at ESET, said."This is seemingly the work of a clever socially engineered attack. Gaining entry to private data inside VPNs needs to be difficult and behind strict protections. This leaves Uber with a lot of questions about how much data was compromised via such an easy method.
It is not known what, if any, customer data might have been accessed at this point in time. This is a developing story, and I will keep updating it as more details emerge.
Australia Latest News, Australia Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Hacker claims to breach Uber network, security researcher saysA security engineer said the intruder provided evidence of obtaining access to crucial systems at Uber.
Read more »
Hacker claims to breach Uber network, security researcher saysA security engineer said the intruder provided evidence of obtaining access to crucial systems at Uber.
Read more »
Hacker claims to breach Uber, security researcher saysA person who communicated with the hacker said, “It seems like they’ve compromised a lot of stuff.”
Read more »
Hacker claims to breach Uber, security researcher saysUber says it has reached out to law enforcement after the apparent breach of its network. uber kprc2 click2houstonhackers
Read more »
Hacker claims to breach Uber, security researcher saysUber says it has reached out to law enforcement after the apparent breach of its network.
Read more »
Uber finds 'no evidence' that sensitive user data was stolen in hack | EngadgetUber has determined that sensitive user data is safe following a hack..
Read more »