Uber Data Breach 2022: What You Need to Know

The world of digital security has been under the spotlight for various reasons in the last year. Several high-profile incidents have directly impacted the general public, from cyber attacks to privacy scandals. 

Uber is the latest company to be caught up in this whirlwind after hackers managed to breach their security and steal sensitive user data from the ride-hailing service. 

This article provides an overview of what happened, what went wrong, and what you can do to keep your accounts safe.

What Caused the Security Breach?

On September 15, Uber announced the news of its system breach. Through social engineering, the hacker compromised an employee’s Slack account. 

During this attack, the hacker persuaded the employee to hand over a critical password that allowed them access to Uber’s systems.

The screenshots the hacker shared with security researchers suggest that this person gained complete access to the cloud-based systems where Uber stores sensitive customer and financial information. 

The hacker is also said to have posted a not-safe-for-work image on an internal resource page belonging to one of the company's employees (who wished to stay anonymous).

Some noteworthy points include the following: 

  • First, they failed to monitor login attempts properly. Uber doesn't receive notifications when a third party tries to log into a business account but fails to get into the network. These failed entry attempts don't trigger Uber's security systems, which shows an apparent gap in monitoring.

  • Second, Uber failed to restrict the available data to third-party apps. Such easy availability allows hackers to access sensitive information from other linked third-party apps. 

  • Thirdly, there is a possibility this attack was a result of phishing. In phishing, hackers pose as a trustworthy person or entity to gain access to sensitive information. This breach is notable as there have been multiple breaches in Uber’s history. Such multiple violations are unusual, as most breaches only happen once or twice.

How Was Uber’s Security Breached?

According to the 2022 Ponemon Institute’s report, insider attacks increased by 47%, resulting in compromised user credentials. 

The hacker socially engineered Uber workers, which resulted in access to a VPN and the company's internal network. 

Allegedly, an 18-year-old hacker is responsible for stealing data from Uber. However, last week, Uber shared more details about the attack, which notably attributed the threat actor to the notorious LAPSUS$ hacking group.

Uber’s system vulnerability came to the fore when its native Privileged Access Management (PAM) platform admin credentials were compromised. 

Privileged Access Management is a collection of tools and technologies that protects, restricts, and monitors employee access to a company’s vital data and resources. 

Once inside the network, the hacker gained access to PowerShell scripts that contained a domain admin account's login credentials in hard-coded form. 

During the recent breach, the attacker gained full administrative access to the company's AWS, vSphere domain, Duo, G Suite, OneLogin, VMware, and other accounts. They even obtained Uber's source code; screenshots were provided as evidence. 

Since there were no ransom or extortion notes, researchers believe that the hacker carried out the social engineering attack only for cheap thrills. 

Credentials hard-coded into a PowerShell script are a significant weakness, and they are what gave the attacker such extensive access. These login credentials granted administrator access to Thycotic, a PAM system. 

This tool holds a great deal of privilege for the company's users: it stores the keys that give personnel access both to internal resources and to third-party programs. 

Additionally, it holds DevOps secrets commonly used during software development, making it a single point of failure. 

The PAM system manages access to several systems. As a result, the attacker had full access to all of Uber’s core systems.
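As an added example (not code from the article or from Uber), here is a small Python scanner for the weakness described above: credentials hard-coded into PowerShell scripts. The two script bodies and every name and value in them are constructed for this example; the scanner flags plaintext passwords assigned to variables, ConvertTo-SecureString -AsPlainText applied to a literal, and PSCredential objects built from literal strings, and the second script shows the credential being obtained at run time instead.

```python
import re
from typing import List, Tuple

# Constructed sample: a script of the kind the article describes, with a domain
# admin password hard-coded in it. All names and values are made up.
UNSAFE_SCRIPT = '''
$user = "CORP\\svc-domainadmin"
$password = "Winter2022!"
$secure = ConvertTo-SecureString "Winter2022!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($user, $secure)
Invoke-Command -ComputerName dc01 -Credential $cred -ScriptBlock { Get-ADUser -Filter * }
'''

# Constructed hardened version: the credential is obtained at run time instead
# of being stored in the script, so a copy of the file reveals nothing.
SAFER_SCRIPT = '''
$cred = Get-Credential -Message "Domain admin account"
Invoke-Command -ComputerName dc01 -Credential $cred -ScriptBlock { Get-ADUser -Filter * }
'''

# Each pattern captures the secret literal in group 1 so it can be redacted.
PATTERNS = [
    (r'\$\w*(?:pass(?:word|wd)?|pwd|secret|token|apikey)\w*\s*=\s*["\']([^"\']+)["\']',
     "credential assigned to a variable as a plaintext literal"),
    (r'ConvertTo-SecureString\s+["\']([^"\']+)["\'].*?-AsPlainText',
     "plaintext literal converted to a SecureString"),
    (r'PSCredential\s*\(\s*["\'][^"\']+["\']\s*,\s*["\']([^"\']+)["\']',
     "PSCredential built from literal user name and password"),
]


def redact(secret: str) -> str:
    """Keep the first two characters so a reviewer can locate the value."""
    return secret[:2] + "*" * (len(secret) - 2)


def find_hardcoded_credentials(script: str) -> List[Tuple[int, str, str]]:
    """Return (line number, description, redacted value) for each finding."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), start=1):
        for pattern, description in PATTERNS:
            match = re.search(pattern, line, re.IGNORECASE)
            if match:
                findings.append((lineno, description, redact(match.group(1))))
                break  # one finding per line is enough for triage
    return findings


if __name__ == "__main__":
    for name, script in (("unsafe", UNSAFE_SCRIPT), ("safer", SAFER_SCRIPT)):
        print(f"{name}: {find_hardcoded_credentials(script) or 'no hard-coded credentials'}")
```

Run against a repository of scripts, the scanner gives a first-pass list of files whose credentials need to move into a vault or into a run-time prompt; it is pattern-based, so it is a triage aid rather than proof that a script is clean.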

Who Was Affected?

Although the hackers only gained access to some information from Uber’s users, they still managed to breach their security. The breach means the hackers found a way to infiltrate their system and enter other accounts. 

It’s possible the hackers also gained access to sensitive information from other apps tracking users. Therefore, hackers likely gained access to information such as addresses, email addresses, and license numbers (although no evidence proves it yet). 

Such information could enable unauthorized access to users' bank accounts, claiming Social Security benefits in someone else's name, and even driving without being detected. 

Some people have questioned Uber’s response to the data breach in light of how they had previously failed to disclose the 2016 breach that cost them $148 million in legal penalties.

It has also been reported that the company didn't immediately notify everyone affected by the breach, which is unusual. Some people may have been left unaware that their information has been breached.


Published on Sep 22, 2022
Written by Tanya Jethwani
Tanya Jethwani likes to describe herself as a reader any chance she gets. Currently pursuing a bachelor's degree in Mass communication, her goal is to enjoy her time as a news researcher and a writer. She has always wanted to travel the world and listen to a lot of music along the way.
