Uber Investigating Computer Network Breach
Uber is responding to security risks after a hacker — identified only by the Telegram handle Tea Pot — purportedly gained control of the company's computer network. The hacker reportedly gained access to Uber's HackerOne account — a platform that helps companies connect with security researchers.
Facts
- Uber is responding to security risks after a hacker — identified only by the Telegram handle Tea Pot — purportedly gained control of the company's computer network.
- The hacker reportedly gained access to Uber's HackerOne account — a platform that helps companies connect with security researchers. However, on Fri., Uber said they found "no evidence" of the hacker having accessed any sensitive user data.
- The breach also seemingly compromised several other internal systems, as someone claiming to be the hacker sent screen shots of email, cloud storage, and code repositories to both cybersecurity researchers and the New York Times.
- Uber employees learned of the breach when the hacker posted a message on the company's internal Slack messaging board, which reportedly included a statement saying Uber drivers "should be better compensated."
- Tea Pot claims the hack was done by tricking an Uber employee into granting them access to the company's virtual private network, which they then used to gain further access to internal systems.
- This comes as Uber's former security chief is currently on trial over his response to a 2016 breach that saw the data of 57M users and drivers compromised.
Sources: Wall Street Journal, New York Times, New York Post, Engadget, and Independent.
Narratives
- Establishment-critical narrative, as provided by PC Gamer. The timing of this hack — which comes as Uber's former security chief is on trial for his disastrous response to the 2016 breach — is ironic. It also reveals that Uber, which has a responsibility to educate its employees on social engineering threats, continues to prove careless with the safety of its data.
- Pro-establishment narrative, as provided by The Verge. A social engineering hack relies on human error rather than vulnerabilities in systems, which is what makes it a particularly dangerous threat that no company is immune to. Rather than jumping to conclusions and playing the blame-game, this should serve as a warning to all of us.