Saturday, October 1

The scandalous story of the teenager who hacked Uber for fun | Digital Trends Spanish


Uber suffered a serious violation of your system earlier this month, allowing the bad actor to wreak all sorts of havoc, from spamming employees’ Slack chats with explicit images to defacing internal websites and stealing sensitive media. The ride-sharing company has now posted a statement updated, blaming the infamous hacking group Lapsus$.

The attack, and the subsequent announcement, were so brazen that some employees took it as a joke from one of their colleagues and responded to the hacker’s message with happy emojis. The hacker revealed to New York Times who was an 18 year old. To rub even more salt into Uber’s wounds, the cybercriminal told Washington Post that it breached the company’s systems for fun and could leak the source code in the coming months.

Post where the leaker directly links themselves to Uber hack. I’ve removed all the screenshots of system access (which you may spot a familiarity with from incidents earlier this year). pic.twitter.com/gvmkcsy5OL

— Kevin Beaumont (@GossiTheDog) September 18, 2022

The hacker in question, who goes by the alias “teapotuberhacker”, is also said to be the brains behind the massive leak of GTA 6 that appeared a few days ago and shook the entire video game industry. The hacker claims to have stolen sensitive material such as game source codes from Rockstar’s systems, but in the case of Uber, the company claims nothing of such severe magnitude happened.

Interestingly, young hackers seem to have a special kind of affinity for targeting Uber. In 2017, a 20-year-old Floridian allegedly stole personal data belonging to 57 million Uber users, but the company sat up for the breach and only revealed it a year later.

Lapsus$, or just teenagers raising hell?

Uber says that it is currently in contact with the FBI and the United States Department of Justice to handle the situation in the future. Interestingly, the FBI recently issued a statement asking for public help to catch the members of the notorious group. The petition came in the wake of high-profile security breaches targeting American tech titans like T-Mobile, Microsoft, and Nvidia, among others.

Members of the group are believed to include a healthy group of teenagers, according to experts cited in a report published by Washington Post. According to a report from the bbc, a duo of 16 and 17-year-olds were charged following an international investigation into cybercrime incidents. Before that, the London police department had arrested seven troublemakers between the ages of 16 and 21 for similar cybercrimes adjacent to Lapsus.

According to a report from Bloombergthe 16-year-old was the brains behind the activities of the Lapsus$ group, and despite living in his mother’s apartment, they managed to amass a fortune worth about 14 million dollars. In the past, the gang has also targeted Samsung, EA, Ubisoft, Vodafone, and Okta, among other recognizable names.

The group attracted wide international attention after Steal the COVID-19 vaccination records of millions of citizens from the Brazilian Ministry of Health systems. In addition to stealing sensitive data, the group has been involved in cyber vandalism and website defacement. The experts told Forbes that the group recently engineered a DNS attack that redirected visitors of the targeted websites to porn sites.

What exactly happened at Uber?

The Uber hacker announced his achievement in quite an epic fashion. According to screenshots circulating on social media, the bad actor posted a message in the Slack employee group stating: “I am a hacker and Uber has suffered a data breach.” The malicious party then proceeded to download the Slack messages along with details of an internal tool used to manage invoices.

Honestly kind of a classy way to hack someone 😂😂😂@Uber pic.twitter.com/fFUA5xb3wv

— Colton (@ColtonSeal) September 16, 2022

Days after the incident was first reported, Uber has now clarified that any sensitive user information, such as account details, ride history, bank account numbers and credit card details, was not stolen. Additionally, vulnerabilities and bugs that were obtained from Uber’s HackerOne control panel have since been patched. Compromised employee accounts that paved the way for an alleged social engineering hack were blocked or had their credentials reset.

To ensure no more damage is done, Uber has also locked down the platform’s codebase and froze any further shipping, while also initiating a passkey rotation policy for its internal systems. Uber says it is currently working with “several leading digital forensics firms” to further investigate the security incident.

Publisher Recommendations










es.digitaltrends.com

Leave a Reply

Your email address will not be published.