Hacker claims to breach Uber, protection researcher says

Uber says it has reached out to regulation enforcement after the obvious breach of its community

 

SAN FRANCISCO — Uber stated Thursday that it reached out to regulation enforcement after a hacker reputedly breached its community. A protection engineer stated the intruder had supplied proof of acquiring get admission to to essential cloud structures on the ride-hailing service.

There turned into no indication that Uber’s fleet of cars or its operation turned into in any manner affected.

“It looks as if they have compromised lots of stuff,” stated Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That consists of acquiring entire get admission to to the Amazon and Google-hosted cloud environments in which Uber shops its supply code and patron data, he stated.

Curry stated he spoke to numerous Uber personnel who stated they were “running to fasten down the whole thing internally” to limition the hacker’s get admission to. That protected the company’s Slack inner messaging community, he stated.

He stated there has been no indication that the hacker had carried out any harm or turned into inquisitive about whatever greater than publicity. “My intestine feeling is that it looks as if they may be out to get as a great deal interest as possible.”

The hacker had alerted Curry and different protection researchers to the intrusion via way of means of the use of and an inner Uber account to touch upon vulnerabilities that they’d formerly diagnosed at the company’s community thru its bug-bounty program, which can pay moral hackers to discover vulnerabilities.

The hacker supplied a Telegram account cope with and Curry and different researchers then engaged them in a separate conversation, sharing screenshots of diverse pages from Uber’s cloud carriers to show they broke in.

The Associated Press tried to touch the hacker on the Telegram account in which Curry and the opposite researchers chatted with them. But no person responded.

One screenshot published on Twitter and showed via way of means of researchers suggests a talk with the hacker wherein they are saying they acquired the credentials of an administrative consumer after which used social engineering to get admission to Uber’s inner community.

Uber stated through e mail that it turned into “presently responding to a cybersecurity incident. We are in contact with regulation enforcement.” It stated it might offer updates on its Uber Comms twitter feed.