Cypress Cyber Consulting

The Recent Uber Hacks

On Thursday, September 8th, 2022, Uber discovered that its computer network had been hacked.

Immediately the company shut off many of its communication and engineering systems to find out the extent and seriousness of this hack.

The infiltration into the system has compromised the company’s internal systems. Person, 18 years old, claiming to be the cause of the hack, has shared the images of emails, cloud storage, and codes with cybersecurity researchers and the leading newspaper “The New York Times.”

According to resources, the person who has hacked Uber’s system has complete access to the company, causing a total compromise.

Uber’s spokesperson has taken to the media and informed that the company is investigating the
matter and contacting law enforcement officials.

Uber employees have been directed not to use the company’s internal messaging service, Slack.

The employees have mentioned that the other internal systems were also inaccessible.

Before the Slack system was taken down on Thursday, the company’s employees received a
message from the hacker stating, “I announce I am a hacker, and Uber has suffered a data
breach.” The message also listed several internal databases that the hacker compromised.

The Uber spokesperson said the hacker used a worker’s Slack account to send the message. The
hacker has stated that he used the “Social engineering” technique to compromise Uber’s systems.
The hacker sent a message to the employee claiming to be a corporate information technology person. The employee was asked to hand over their password, which the hacker used to acquire
access to the company’s system.

A similar technique was also used to hack Twitter, Microsoft, and Okta.

In the end, we arrive at the following conclusive points:

• All major companies like Uber need to have a in-depth defense approach system.
• The hacker used Slack to compromise the company’s system, so to what extent is Slack
compromised?
• Uber needs to have a vendor security and vendor security verification system.
• A company like Uber needs a top-notch security system and a keen eye to check third￾party systems. No wonder who was incharge of this in Uber who left such vulnerability in
the system.
• With sources telling the person who claims to be the hacker has all the access to the
company’s codes and emails, this hack seems to be the tip of the iceberg, and it looks like
more to come.
• And then, at last, the most critical question: Did uber follow the best IT practices with the
least privileges?

About the Author

Safi Mahmood

CEO

Visionary strategist with progressive experience in information security management, end-to-end solution design/architecture, governance, and infrastructure planning for large enterprises within various industries. Transformational leader recognized for leveraging technology as a driving force to maximize profitability and longstanding business growth. Expert in translating evolving industry risks in ambitious technology roadmaps while synergizing people, procedures, and technology around proactive defense. Thought leader capable of motivating high-performing teams to maximize productivity, while forming cohesive multigenerational team environments.