https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/
The kid got access to EVERYTHING. Why? No MFA on the VPN, for starters. No MFA on accessing a network share with PowerShell scripts that had admin accounts embedded in them. No PAM on those admin/service accounts to keep them from being used to pwn every system in the house, including their HackerOne database. The attacker got a copy of every one of the reports, including the ones that are still broken, so expect more Uber woes.
Thank goodness the Uber app only has access to my personal information and credit card info. Oh, wait...
Uber are a bit of a joke of a company. Want to know how I know this? I've used their services, been a customer and tried to contact their support on numerous occasions to report issues (unsuccessfully). Their customer service is handled overseas and there is no ownership by support. So ignoring the customer complaint is the norm. I even reached out to the local country manager. Ultimately he couldnt help, either.
Though, I havent been contacted at all about this breach - maybe it affects only USA customers?
Lol, it affects everyone. They're just out for a very very long long lunch.