Uber Details
Uber
San Francisco, CA • 30400 employees • Information Technology
Industry
Information Technology
Security Incidents
1
Security Incidents
Uber Breach of Sept 2022
Severity Score
Significant to High
Type
Phishing Attack
Summary
Uber recently dealt with a security breach originating from a compromised contractor's account. The attacker likely obtained the contractor's credentials from the dark web and, after a series of login attempts, managed to infiltrate Uber's systems when the contractor accepted an MFA request. This allowed the attacker to access additional employee accounts and gain elevated permissions, leading to the compromise of tools such as G-Suite and Slack.
Uber swiftly responded by securing affected accounts, disabling compromised internal tools, rotating keys, and locking down the codebase. Enhanced s...
Severity
The Uber data breach was facilitated by the hacker gaining access to the network through stolen credentials and an MFA fatigue attack. Once inside, the hacker accessed admin credentials for Uber's Privileged Access Management (PAM) system and, consequently, gained full admin access to critical services including Amazon Web Services (AWS), GSuite, and others. Although no customer data was reportedly stolen, the hacker accessed sensitive internal reports and had the potential to inflict far greater damage, including shutting down systems or deploying ransomware.
Given the depth of access achiev...
Impact
In the Uber incident, the hacker initially exploited social engineering techniques to bypass multi-factor authentication (MFA) and gain network access, leading to a substantial data breach. Although customer data appears not to have been compromised, the hacker accessed a significant amount of sensitive internal information, including Microsoft PowerShell scripts with admin credentials and the company's bug bounty reports detailing unrepaired security vulnerabilities.
As part of the breach, the hacker also took control of an Uber employee's Slack account to announce the attack internally, fur...