Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Slack notification alerted Uber of breach

“I announce I am a hacker and Uber has suffered a data breach,” the message to Uber’s Slack read, alerting the company to the breach.

user iconReporter
Mon, 19 Sep 2022
Slack notification alerted Uber of breach
expand image

“Slack has been stolen, confidential data with Confluence, stash and 2 monorepos from phabricator have also been stolen, along with secrets from sneakers,” the post from Nwave, the company’s hacker, continued.

It was revealed last week that ridesharing platform Uber had suffered a data breach, reportedly not having realised the hack until the infiltrator exposed their exploits on the company Slack.

Leaked screenshots appear to demonstrate the extent of the hack, which allegedly include access to the company’s Amazon Web Services account.

============
============

Speaking to The New York Times, the hacker revealed that they are just 18 years old and gained access into Uber’s internal systems through a social engineering exploit that targeted one of the company’s employees.

Despite taking control of the company’s slack and flaunting their exploits, many of the company’s staff thought the message to be a joke. Leaks from Uber employees detailed how many continued to interact with the hacker.

Sam Curry of Yuga Labs took to Twitter to detail some of the leaks that he had heard from within the company.

“At Uber, we got an ‘URGENT’ email from IT security saying to stop using Slack. Now anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message ‘F*** you wankers’,” he tweeted.

“Instead of doing anything, a good portion of the staff was interacting and mocking the hacker thinking someone was playing a joke. After being told to stop going on slack, people kept going on for the jokes. Lmao.”

The hack is the latest instalment in a worrying phishing trend, where employees intentionally engage with malicious users despite the advice of IT and cyber security teams.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.