Uber has suffered a massive data breach that allowed the attacker access to some sensitive internal systems. The company fell victim to a general phishing scam where the attacker pretended to be someone affiliated with the company. They then convinced an employee with high enough access to internal systems to reveal their login information.
The attacker, who was revealed to be an 18-year old, immediatly claimed responsibility and was quite proud of their success. Not only did they gain access to that person’s login but through it was able to find additional login details for other internal systems.
From there, the attacker defaced select internal systems, including the company’s Slack account (a tool, similar to discord, that some companies use for employee communication and collaboration). They also posted screenshot images online as proof of their efforts.
Uber reached out publicly saying that no sensitive information was breached during the attack. Thus all personal information should be safe. However, based on the screenshots and other information shared by the attacker, they might have had much more access than they claim.
We may not know until a further investigation is completed and the company reaches out with any additional information (or is forced to depending on what they find).
Phishing attacks are quite common and have only been getting worse over the years. Many security suite applications offer minimal defenses against some of these attempts, including plugins/extensions that are available for certain mail applications. However, these tools aren’t 100% and many times certain emails and other communications (or fake messages from shadowy websites) can still make their way through.
So be weary and don’t click or respond to anything suspicious. Feel free to reach out to companies directly to confirm if these messages/attempts or legit or something they too should be worried about. Don’t allow yourself to fall victim to one of the most simple hack attempts out there.
