How was Uber hacked in 2016?

The lone hacker apparently gained access posing as a colleague, tricking an Uber employee into surrendering their credentials. Screenshots the hacker shared with security researchers indicate they obtained full access to the cloud-based systems where Uber stores sensitive customer and financial data.



People Also Ask

At the time, Uber was not just one of the world's fastest-growing companies - it was one of the most controversial, dogged by court cases, allegations of sexual harassment, and data breach scandals. Eventually shareholders had enough, and Travis Kalanick was forced out in 2017.

MORE DETAILS

Uber contends that the Lapsus$ hacking group is responsible for a computer network breach after a hacker broke into its internal systems last week. “They pretty much have full access to Uber,” Sam Curry, a security engineer at Yuga Labs, told The New York Times.

MORE DETAILS

In 2018, Uber paid approximately $7 million to more than 480 current and former employees to settle a 2017 lawsuit alleging gender discrimination, harassment, and a hostile work environment. The lawsuit claimed that Uber used a discriminatory ranking system that undervalued female employees and employees of color.

MORE DETAILS

Uber's former chief security officer has avoided jail and been sentenced to three years' probation for covering up a cyber-attack from authorities. Joseph Sullivan was found guilty of paying hackers $100,000 (£79,000) after they gained access to 57 million records of Uber customers, including names and phone numbers.

MORE DETAILS

SAN FRANCISCO (CN) — When hackers Vasile Mereacre and Brandon Glover teamed up in 2016 and began scouring Github for exploitable security flaws, they weren't looking to hack any one company specifically. But Uber's lax security quickly made the ride-hail giant the pair's top target.

MORE DETAILS

At that time, Uber had recently disclosed to the FTC that it had been the victim of a data breach in 2014 (“2014 Data Breach”) and that the breach related to the unauthorized access of approximately 50,000 consumers' personal information, including their names and driver's license numbers.

MORE DETAILS

In September, ridesharing company Uber disclosed that hackers had stolen the personal information of about 57 million customers and drivers. The days following the attack were full of speculation around how the attacker – allegedly a 17 year old – was able to gain access to the systems.

MORE DETAILS

On September 15, 2022, a hacker used a compromised Uber EXT account to access the company's internal systems after an employee's personal device became infected with malware and their login credentials posted to the dark web.

MORE DETAILS

In 2016, hackers stole information from 57 million driver and rider accounts and then approached Uber and demanded $100,000 to delete their copy of the data. Uber arranged the payment but kept the breach a secret for more than a year.

MORE DETAILS

Least Privilege One strategy used to prevent this sort of breach is to restrict privileges for user and administrator accounts. By implementing the principle of least privilege, an administrator would not have rights to access sensitive production databases within AWS and access the development environment in GitHub.

MORE DETAILS

The ride-hailing service Uber said Friday that all its services are operational following what security professionals were calling a major data breach. It said there was no evidence the hacker got access to sensitive user data.

MORE DETAILS

Nearly three years after driving an Uber around Kalamazoo, Michigan, and randomly shooting and killing six people, Jason Dalton was sentenced Tuesday to life in prison without parole.

MORE DETAILS

Kidnappings involving ride-hailing services are not unprecedented. In 2019, a college student was killed in Columbia, S.C., after she got into a car she mistook for her Uber.

MORE DETAILS