Cyber Stories: 18 Year Old Claims Responsibility for Extensive Uber Hack

On Thursday Uber became the victim of a computer network breach forcing the company to take several of its internal communications and engineering systems offline.?

The hacker claiming responsibility for the breach has made his presence known to Uber employees through their internal messaging system Slack. A bug bounty hunter tweeted a screenshot of this message which read: "I announce I am a hacker and Uber has suffered a data breach. Slack has been stolen..." with a hashtag of #uberunderpaisdrives.?

The person claiming responsibility for the hack also sent images of their internal access to cybersecurity researchers and news sources. This includes screenshots of email, cloud storage and code repositories.

The New York Times, one of the news sources that the hacker contacted with evidence of their hack, claims that the hacker tells them he is "18 years old and had been working on his cybersecurity skills for years. He said he had broken into Uber’s systems because the company had weak security." He continues that he gained access to the systems through the social engineering of an Uber employee to obtain login credentials.?

As of yet Uber hasn’t shared much on how they are dealing with the attack but has instead posted an announcement via Twitter which reads: “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”

Social engineering attacks are greatly on the rise and every year they are becoming more sophisticated.?

This is not the first time that Uber has been a victim of a breach. In 2016 the Tech giant was a victim of a ransomware attack by which the hackers demanded $100,000 to delete their copy of data including information from 57 million driver and rider accounts. Uber paid the ransom and did not disclose the breach until more than a year since it occurred.?

How Phish Prone are your employees?

Social engineering communications can come in many forms, including text messaging, emails and phone calls. The most prevalent form of social engineering in the UK is phishing attacks with around half of cyberattacks in the UK involving phishing.

Test your employees today to discover how "Phish Prone" they are with this free phishing test. Sign up here to get started.