Uber Got Hacked to the Bone

Started by deanwebb, September 16, 2022, 10:20:55 AM


deanwebb

https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/

The kid got access to EVERYTHING. Why? No MFA on the VPN, for starters. No MFA on accessing a network share with PowerShell scripts that had admin accounts embedded in them. No PAM on those admin/service accounts to keep them from being used to pwn every system in the house, including their HackerOne database. The attacker got a copy of every one of the reports, including the ones that are still broken, so expect more Uber woes.

Thank goodness the Uber app only has access to my personal information and credit card info. Oh, wait...
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
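
Added example (not part of the thread or of any poster's message): a small audit check for the failure mode named in the post above, PowerShell scripts on a share with account credentials embedded in them. The rule set, the function names and the sample script are all constructed for illustration, and the rules are deliberately non-exhaustive.

```python
import re
from pathlib import Path

# Constructed, non-exhaustive rules for credential material hard-coded in PowerShell.
RULES = [
    ("plaintext-securestring",
     re.compile(r"ConvertTo-SecureString\b.*-AsPlainText", re.I)),
    ("password-literal",
     re.compile(r"\$\w*(?:passw(?:or)?d|pwd|secret|token)\w*\s*=\s*(['\"])[^'\"$]+\1", re.I)),
    ("pscredential-literal-user",
     re.compile(r"PSCredential\b\W+(['\"])[^'\"]+\1", re.I)),
]

# Constructed sample script; every value in it is a placeholder.
SAMPLE = r'''
# Constructed sample script, not taken from any real environment
$server = "files01.example.test"
$svcPassword = "EXAMPLE-ONLY-not-a-real-secret"
$sec = ConvertTo-SecureString $svcPassword -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("EXAMPLE\svc-admin", $sec)
$prompted = Get-Credential   # interactive prompt, nothing embedded
$fromVault = Get-Secret -Name "svc-admin"
'''

def scan_text(text):
    """Return (line_number, rule_name) pairs. The matched value is never echoed,
    so the audit report does not become a second copy of the secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in RULES:
            if rx.search(line):
                findings.append((lineno, name))
    return findings

def scan_tree(root):
    """Scan every PowerShell file under root (for example a mounted share).
    Assumes UTF-8 or single-byte text; UTF-16 scripts must be decoded first."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".ps1", ".psm1", ".psd1"}:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                results[str(path)] = hits
    return results

if __name__ == "__main__":
    for lineno, rule in scan_text(SAMPLE):
        print(f"sample.ps1:{lineno}: {rule}")
```

Lines that prompt for a credential or fetch it from a vault at run time produce no finding; only literals in the script text are flagged.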

Dieselboy

Uber are a bit of a joke of a company. Want to know how I know this? I've used their services, been a customer and tried to contact their support on numerous occasions to report issues (unsuccessfully). Their customer service is handled overseas and there is no ownership by support. So ignoring the customer complaint is the norm. I even reached out to the local country manager. Ultimately he couldn't help, either.

Though, I haven't been contacted at all about this breach - maybe it affects only USA customers?

deanwebb

Lol, it affects everyone. They're just out for a very very long long lunch.