Sina Technology News, morning of September 19 (Beijing time): According to
reports, Uber, the US ride-hailing giant, suffered a major hacking incident in
2016, and the company has still not finished dealing with its aftermath. A few
days ago, however, Uber was attacked again and has once more fallen into a
cybersecurity quagmire.
On Thursday, a hacker gained access
to an Uber employee's Slack account and to the company's Amazon and Google
cloud computing platforms. San Francisco-based Uber has now confirmed the hack,
and the company is scrambling to assess the damage it caused.
The timing of this attack is worth
pondering. On Friday, the day after the attack, Uber CEO Khosrowshahi testified
in court in U.S. prosecutors' trial on charges related to Uber's former chief
security officer, Joe Sullivan.
In 2016, Uber had a major
cybersecurity incident. Hackers broke into the Uber network and obtained the
personal information of millions of ride-hailing passengers, including names,
email addresses and phone numbers; the license plates of a large number of
ride-hailing drivers were also stolen. After the incident, Uber concealed it
from the public until a year later, when the company admitted to paying the
hackers $100,000. U.S. prosecutors have brought criminal charges of intentional
obstruction against Sullivan, the executive, over his poor handling of the hack.
Both involve the external platform HackerOne
Both the 2016 incident and this latest hack
reportedly involved Uber's account at the cybersecurity service HackerOne.
HackerOne's security services rely on "white-hat hackers" who discover security
vulnerabilities in Internet companies' systems, while vendors pay bounties to
obtain the vulnerability information and strengthen their platforms' security.
Uber also has a HackerOne account.
A number of cybersecurity experts
told a U.S. financial media outlet that they determined that Thursday's new
hacking attack had nothing to do with Uber's current cybersecurity case.
Leo said the depth and breadth of
the hack are currently unknown, adding to concerns. The hacker obtained
documents related to the bug bounty program and, to make matters worse, access
to Uber's operating environment on Amazon's cloud computing platform, where
Uber's customer information is likely to be stored.
All business operations as normal
Uber said on social media that after
the incident it had contacted the police and frozen some internal information
systems, including suspending chats on the Slack platform, and that the company
was investigating whether the hackers’ public claims were true.
In an official blog post on Friday
afternoon, Uber said there was no evidence that hackers had access to sensitive
user information, such as ride-hailing trip orders. All of Uber's ride-hailing
businesses, food delivery services and express delivery services are currently
operating as normal, and some internal software that was suspended on Thursday
has been brought back online.
Regardless of the outcome of the
Sullivan trial, a hacker can gain access to a company's internal virtual
private network (VPN) through well-known social engineering attacks, said
Danielle Jablanski, a security expert at Nozomi Networks in the United States.
This situation is frightening.
Corben Leo, chief marketing officer
and security researcher at U.S.-based blockchain security firm Zellic, said the
trial that began Friday did not appear to be related to the hack, but the
hackers used it to distract Uber from the attack. This hacker has the same
demands as 99% of young, immature hackers on the web: fame and money.
source: https://www.sina.com.cn/