Announcing that it was hacked in the past hours, Uber did not make any statement about the attack. The hacker who organized the attack shared many details on social media.
Uber, which started its operations in 2019 and has been one of the largest private transportation network companies in the world since then, is generally known for being banned after the problems experienced with taxi drivers in our country. However, this incident is actually the smallest incident that has happened to Uber.
About 4 years ago, Uber announced in 2017 after a CEO change. admitted to having the data of its 57 million users stolen. Uber officials, who covered the incident for a year, announced that they tried to solve the problem themselves, but they could not succeed. In the past months, one of the former executives of the company gave some information to the US government and the press, including Uber’s Turkey. He tried to make himself accepted by lobbying in almost all countries. appeared.
Uber hacked again
The company, which has been constantly attacked by small attacks after the last big hack, made a statement today. are the victims of a massive attack. and reported that law enforcement officers intervened in the incident. The authorities, who made a statement again in the past hours, stated that all their systems are working and stated that they could not find any evidence that user information was stolen.
Anonymous users investigating such cyber attacks of the attack reached the hacker, who is only 18 years old, and reached many details about the attack. Let’s learn together how this very simple but effective attack is made.
It all started with social engineering
Uber, a software company called Duo, is a world-renowned software company for its employees to “secure” access to their accounts. Multi-factor authentication (Multi Factor Authentication or MFA). Thanks to this system, even if you entered your information correctly, it would send you a verification code (or simply ask for your approval), thus increasing your security.
The hacker, who knows the system that Uber uses, has a social engineering Uber followed the employee and began to learn about himself. Preparing his plans for his hunt, the hacker created a fake Uber login page. After obtaining the victim’s login information through this page, the last thing the hacker needed was MFA approval.
To the Uber employee consecutive login notifications for hours The hacker, who sent it, then reached the employee via WhatsApp and said that there was a malfunction in the system. must approve one of the notifications told. The employee approved the notification, and thus the hacker infiltrated the system.
So what did the hacker achieve?
Screenshots posted by the hacker via an anonymous user
Sharing screenshots of the system he hacked, Hacker had taken over the account of a team worker who took the necessary actions in the event of an emergency. In this way, all Slack channels of the company, records of previous cyber attacks, backed up files and even The hacker, who can even see the records of customers who spend money, in addition to all of these, almost also has access to the company’s AWS (Amazon Web Services) system. had unlimited access.
Although the hacker does not disclose what documents or what kind of information he received to those who spoke to him, many security experts also keep the hacker’s private information from users. may have acquired as much data as the company’s financial records. is thinking.
RELATED NEWS
Confessor of Uber Scandal, Former Executive of the Company Released: Here Are His New Confessions About Uber
Stating that they conveyed the situation to the authorities, Uber decided to make more explanations on the subject. refused.