How A Teen Hacker Allegedly Managed To Breach Both Uber And Rockstar Games


The same teenager who hacked Uber also broke into Rockstar Games. Using the exact same technique. They took a common security feature and weaponized it against the users themselves.

It all started with a text message: an Uber contractor kept getting push notifications to approve a login to their Uber account. The hacker probably got their password off the dark web, but couldn't log in because of multi-factor authentication (MFA). So they kept trying to log in, spamming the Uber worker with notifications. This is known as an 'MFA fatigue' or 'exhaustion' attack.

The hacker sent a WhatsApp message claiming to be from Uber IT, telling them to approve the login attempt or the notifications would continue. The Uber worker approved the MFA request just to make the notifications stop.

Just 3 days later, there was another, even bigger attack.

The victim was Rockstar Games, developers of the Grand Theft Auto series of video games.

The hacker, allegedly the same one who compromised Uber, leaked gigabytes of video footage and might even have some source code. The attack followed the same pattern: MFA fatigue, which gave access to the shared network.

This attack is potentially even worse than Uber's. Why?

If the attacker has source code for GTA 5, Rockstar's popular online live service game, they could even compromise user data. Credit card info, emails and passwords of millions of players could be at risk.

The crazy part? The EXACT same MFA-based attack happened to EA Games last year. Hackers are using the very security features of MFA to engineer attacks, turning the tables on us.

Does this mean you can't trust MFA anymore? Not quite. But your approach needs to change.

Here are some things you can do to improve MFA:

- Set an alert on volume of push attempts per account

- Disable push notifications for authentication. Use one-time pins (OTPs) instead

- Enable number matching for MFA

- Consider using FIDO2
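
As a sketch of the first item, the following added example (not from the original article or from any vendor's product) counts push prompts per account in a sliding window and raises the severity when a prompt is approved in the middle of a burst. The event format, the 10-minute window, the threshold of 5 and the sample events are all constructed assumptions; map them to whatever your identity provider's authentication log actually exports.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed max push prompts per account per window

# Constructed sample events: (ISO timestamp, account, push result)
SAMPLE_EVENTS = [
    ("2022-01-01T08:00:00", "carol", "approved"),
    ("2022-01-01T09:00:00", "alice", "approved"),
    ("2022-01-01T12:00:00", "carol", "approved"),
    ("2022-01-01T16:00:00", "carol", "approved"),
    ("2022-01-01T22:01:00", "bob", "denied"),
    ("2022-01-01T22:02:00", "bob", "timeout"),
    ("2022-01-01T22:03:00", "bob", "denied"),
    ("2022-01-01T22:04:00", "bob", "timeout"),
    ("2022-01-01T22:05:00", "bob", "denied"),
    ("2022-01-01T22:06:00", "bob", "approved"),
]


def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per push that brings an account to or over threshold.

    A push approved while the account is in a burst is 'critical': that is
    the pattern of a user giving in to make the prompts stop.
    """
    recent = defaultdict(deque)  # account -> timestamps still inside the window
    alerts = []
    for ts, account, result in sorted(events):  # ISO strings sort by time
        now = datetime.fromisoformat(ts)
        q = recent[account]
        q.append(now)
        while now - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({
                "account": account,
                "time": ts,
                "pushes_in_window": len(q),
                "severity": "critical" if result == "approved" else "warning",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A critical alert is a reasonable trigger for revoking the session that the approval just created and forcing a password reset, since the burst implies the password is already known to someone else.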

