How Uber Could Have Avoided the September 2022 Data Breach

A 17-year-old hacked the ride-hailing company for fun; added security for hard-coded admin credentials would have saved Uber from this disaster.
By: Vivek Basavegowda Ramu
 
HARTFORD, Conn. - Oct. 3, 2022 - PRLog -- Uber (UBER), on September 15th 2022 at 6:25pm PT, admitted to having a cybersecurity incident. It all started when a 17-year-old hacker was able to acquire access to user data by breaking into Uber's IT infrastructure using social engineering techniques, in which hackers take advantage of people's gullibility to gain access to an account. As a result of this attack, Uber's shares declined 5% by September 16th 2022.

"I announce I am a hacker and Uber has suffered a data breach." - says the 17-year-old attacker in Uber's Slack Messenger.

The main reason the attacker gained access to the Uber system is a combination of a contractor account having added privileges, hard-coded admin credentials, and multi-platform access using admin privileges within the IT/cloud infrastructure.

While it is not easy to eliminate all risks, companies should definitely strengthen security by removing any embedded credentials, through an audit of the system to remove any hard-coded credentials; if a credential is required to be hard-coded, then added security should be in place. These days hackers are also getting better at bypassing MFA (multi-factor authentication), and this can be avoided if employees proactively and swiftly report phishing activities. Third parties and contractors should have the least required access, all security keys and secrets should be equipped with additional security, and finally, just-in-time access should be provided for the accounts where required instead of permanent elevated access.