Ride-hailing giant Uber has been hacked again, coinciding with the start of the trial over its last major attack



Sina Technology News, morning of September 19 (Beijing time): According to reports, US ride-hailing giant Uber suffered a major hacking incident in 2016, and the company has still not finished dealing with the aftermath. A few days ago, however, Uber was attacked again and is once more mired in a network security crisis.


  On Thursday, a hacker gained access to an Uber employee's Slack account and to the company's Amazon and Google cloud computing platforms. San Francisco-based Uber has now confirmed the hack, and the company is scrambling to assess the damage it caused.


  The timing of this attack is worth pondering. On Friday, the day after the attack, Uber CEO Khosrowshahi testified in court in the trial of U.S. prosecutors' charges against Uber's former chief security officer, Joe Sullivan.


  In 2016, Uber had a major cybersecurity incident. Hackers broke into the Uber network and stole the personal information of millions of ride-hailing passengers, including names, email addresses and phone numbers, as well as the license plates of a large number of ride-hailing drivers. After the incident, Uber concealed it from the public until a year later, when the company admitted to paying the hackers $100,000. U.S. prosecutors have brought criminal charges against Sullivan, accusing the executive of intentional obstruction over his poor handling of the hack.


  Both involve the external platform HackerOne


  Both the 2016 hack and this latest one reportedly involved Uber's account at the cybersecurity service HackerOne. HackerOne's security services rely on "white hat" hackers who find security vulnerabilities at Internet companies, while the companies pay bounties to obtain the vulnerability information and strengthen the security of their platforms. Uber also has a HackerOne account.


  A number of cybersecurity experts told a U.S. financial media outlet that they determined that Thursday's new hacking attack had nothing to do with Uber's current cybersecurity case.

  Leo said the depth and breadth of the hack are currently unknown, which adds to the concern. The hacker obtained documents related to the bug bounty program and, to make matters worse, access to Uber's operating environment on Amazon's cloud computing platform, where Uber's customer information is likely to be stored.


  All business operations as normal


  Uber said on social media that after the incident it had contacted the police and frozen some internal information systems, including suspending chat on the Slack platform, and that the company was investigating whether the hackers' public claims were true.


  In an official blog post on Friday afternoon, Uber said there was no evidence that hackers had access to sensitive user information, such as ride-hailing trip orders. All of Uber's ride-hailing businesses, food delivery services and express delivery services are currently operating as normal, and some internal software that was suspended on Thursday has been brought back online.


  Regardless of the outcome of the Sullivan trial, the fact that a hacker can gain access to a company's internal virtual private network (VPN) through well-known social engineering attacks is frightening, said Danielle Jablanski, a security expert at Nozomi Networks in the United States.


  Corben Leo, chief marketing officer and security researcher at U.S.-based blockchain security firm Zellic, said the trial that began Friday did not appear to be related to the hack, but the hackers used it to distract Uber from the attack. This hacker has the same demands as 99% of young, immature hackers on the web: fame and money.

source: https://www.sina.com.cn/
