Teenager Hacks Uber for Fun, Threatens to Leak Source Code – Review Geek

Join 350,000 subscribers and get a daily digest of news, articles, and more.
By submitting your email, you agree to the Terms of Use and Privacy Policy.
Andrew is the News Editor for Review Geek, where he covers breaking stories and manages the news team. He joined Life Savvy Media as a freelance writer in 2018 and has experience in a number of topics, including mobile hardware, audio, and IoT. Read more…
A hacker appears to have breached Uber’s internal systems, gaining administrative access to its AWS, HackerOne, Google Workspace, Slack, vSphere, and financial accounts. The hacker, who claims to be 18 years old, tells The Washington Post that they may leak Uber’s source code “in a few months.”
Uber is currently investigating the breach with help from the authorities. It has not commented on the incident, nor has it confirmed the severity of the hack. At the time of writing, we only have information provided by the alleged hacker (who is freely sharing screenshots of Uber’s internal systems) and Uber employees.
The hacker didn’t have much trouble breaking into Uber’s systems. They simply tricked an Uber employee into sharing VPN details. Once the hacker accessed Uber’s VPN, they scanned the company’s intranet and found admin login credentials in a powershell script.
Apparently there was an internal network share that contained powershell scripts…
"One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite" pic.twitter.com/FhszpxxUEW
— Corben Leo (@hacker_) September 16, 2022

These login credentials unlocked Uber’s internal systems. The hacker quickly leaked Uber’s financial data and commented on all of its HackerOne tickets. Oddly enough, they also replaced Uber’s internal webpages with photos of genitalia, accompanied by short messages about how Uber employees are “wankers.” So, the teenage hacker is probably British.
The hacker even announced their presence on Uber’s Slack, flatly stating “I am a hacker and Uber has suffered a data breach.” They concluded their message with “#uberunderpaisdrives,” a reference to Uber’s refusal to classify drivers as full-time workers.
Uber employees thought that the Slack message was a joke. They responded with tons of emoji, Spongebob memes, and the infamous “it’s happening” GIF.
We still don’t know the full extent of this data breach. But for what it’s worth, it seems that this hacker is more interested in antagonizing Uber leadership than collecting personal data. Our main concern is the Uber source code—if it leaks, it will probably reveal new vulnerabilities in Uber’s internal systems.
Source: The Washington Post
Facebook
Twitter
Instagram
LinkedIn
RSS Feed
The Best Free Tech Newsletter Anywhere
By submitting your email, you agree to the Terms of Use and Privacy Policy.

source

Note that any programming tips and code writing requires some knowledge of computer programming. Please, be careful if you do not know what you are doing…

Leave a Reply

Next Post

Occupiers leave Luhansk Oblast in information vacuum: no Internet, casualties reported Head of Luhansk Oblast Military Administration - Yahoo News

Sat Sep 17 , 2022
OLENA ROSHCHINA — FRIDAY, 16 SEPTEMBER 2022, 10:21Serhii Haidai, the Head of Luhansk Oblast Military Administration claims that the occupation administration has left civilians without any Internet connection; the invaders declare full control of the situation, despite suffering losses during the Ukrainian defenders’ counteroffensive.Source: Serhii Haidai on TelegramQuote: "Occupiers leave people […]
%d bloggers like this: