Cyber Attack

13 October 2022

What Happened in the 2022 Uber Data Breach?

3 mins read

Table of Contents

Share post

In mid-September of this year (2022) Uber suffered from a breach of many of their internal systems, including G-suite and Slack. Although the contractor that was hacked had a two-factor authentication system in place, the hacker was still able to force them to accept an approval request that allowed them into the system. This has raised a lot of questions within companies about the effectiveness of two-factor authentication, especially when there hasn’t been any user awareness or phishing training given to their employees. For many, the big questions are: how did this happen, and how can I avoid this happening to me?

What was the Uber data breach?

These are the key points of the breach according to Uber:

  • An Uber EXT contractor had their password compromised.
  • Access was blocked thanks to two-factor authentication, however on one attempt the contractor accepted and the hacker was allowed in.
  • This gave them access to Uber’s internal network,*.corp.uber.com, and eventually to a Privileged Access Management (PAM) system: Thycotic. 
  • The extent of the internal damage is still being investigated, however it seems as though no public-facing systems were attacked e.g. things that hold credit card information, bank accounts or trip history.
  • The attacker is believed to be a part of the hacking group Lapsus$, who have also breached other large companies such as Microsoft, Cisco and Samsung in 2022.

How did it happen?

This type of attack is known as a ‘Social engineering campaign’ and was targeted at a number of Uber employees. Supposedly, the hacker had sent a text message to an Uber worker claiming to be a corporate information technology person, eventually convincing them to hand over their password. These techniques have grown in popularity over the last few years, with the same tactics being used to breach Twitter in 2020. Those that are successful will often share their approach with other hackers to help them succeed, making it more and more difficult for employees to differentiate fraudulent messages or emails from real ones.

How did it compromise the company?

According to Mackenzie Jackson, who is the Security Advocate at GitGuardian, ‘What makes this breach appear so significant is that this does not appear to be a breach of a single system. The attackers seem to have moved laterally between systems for a complete organisation takeover’. Although Uber has tried to claim that the breach has had minimal impact internally, the full effect of the breach has yet to be seen. 

It appears that the hacker wasn’t motivated by money, unlike Uber’s previous breach where hackers asked for $100,000 after stealing information from 57 million driver and rider accounts, which means that disruption was their main aim, However, since the hacker gained access to Uber’s PAM system, they had been privilege to almost all of Uber’s internal systems, making it an incredibly serious incident.

How does this relate to user awareness?

It’s a company’s worst nightmare to find out their internal systems have been hacked, especially if through something so preventable. Cyber security awareness is one of the most important topics for businesses at the moment, however we’ve found that the main point of weakness for hackers is a company’s employees. Social engineering campaigns are getting smarter and smarter by the year, requiring appropriate training in protecting against cyber attacks, spotting phishing emails and staying vigilant.

How can you prevent data breaches?

There are two ways to protect yourself against data breaches:

  1. Enrolling your employees into cyber security awareness training, helping them to keep up to date with the latest scams and keeping your business safe from the inside.
  2. Investing in your business’ cyber security, which can cover everything from Extended Detection and Response (XDR) to network vulnerability assessments.

To find out more about how Cyber Security Awareness can keep your business safe, you can use our online form or call us on: 01256 379 977.

penetration testing vs vulnerability scanning
Education

12 February 2024

Penetration Testing vs Vulnerability Scanning: Why your organisation might need them

Best practices for business passwords in 2024
Education

5 February 2024

Best Practice for Business Passwords 2024

Small business employees working at on opposite sides of the room
Education

18 December 2023

UK Small Businesses Need to Invest in Cyber Security