Uber Suffers Breach, Doesn’t Mean You Have To

On Thursday, Uber learned that its computer network had been compromised, prompting the firm to shut down a number of its internal communications and engineering systems as it looked into the scope of the attack.

According to two employees who were not authorized to speak in public, Uber employees were told not to use the company's internal messaging program, Slack, and discovered that other internal systems were unreachable.

Employees at Uber on Thursday got a message that said, "I announce I am a hacker and Uber has suffered a data breach," just before the Slack system was shut down. The message continued by listing a number of internal databases that the hacker claimed were vulnerable.

According to the Uber representative, a hacker gained access to a worker's Slack account and used it to send the message. An explicit photo was posted on an internal information page for staff, suggesting that the hacker was later able to access additional internal systems.

According to the guy who claimed responsibility for the attack, he texted an Uber employee while posing as a corporate information technology expert. Social engineering was used to convince the employee to divulge a password that gave the hacker access to Uber's computer systems.

I'm confident that 95% of LinkedIn users are now aware that Uber experienced a significant security issue. Uber will continue to exist because, in my perspective at least, people will continue to use it and it is significantly less expensive than traditional taxis. However, a large number of companies succumb to cyberattacks and ultimately pay the price.

My advice is:

1. Train your personnel. When I say train, I don't mean give them a lecture once or twice a decade; I mean provide them with continual, interactive training that is based on current learning materials and emerging threats. Tie this in with simulated attacks to determine how your organization as a whole reacts.

2. Make sure MFA/2FA is enabled on all of your accounts and use a reliable password manager. Yes, it can be uncomfortable, but don't compromise security for comfort—doing so could cost you dearly.

3. Verify that you have role-based access controls in place; a janitor, a receptionist, or a member of the sales team shouldn't have domain admin rights.

4. Use a reliable service to back up all of your data.

5. Make sure you have an incident response plan in place to minimize the damage to your business if the worst happens and you become a victim.

6. Keep in mind that there is no magic answer, and if someone promises you will always be safe from harm if you apply their solution, they are not being realistic.



For more than 20 years, Jeffrey has been defending business owners and their assets from cyber criminals. To speak with an expert security technician, contact RCS Professional Services or visit our website www.rcsprofessional.com to learn how we can help you.

Sources: https://www.nytimes.com/2022/09/15/technology/uber-hacking-breach.html
