Uber has been hacked

September 22, 2022

A comment by Danielle Jablanski, OT cybersecurity strategist at Nozomi Networks

On 16.09. it was announced that the ride service provider Uber has been the victim of a cyber attack. The attacker was an 18-year-old who was able to obtain the access data of employees using the simplest social engineering techniques. This incident shows that even large, globally active companies are not always exemplarily secured against commonly used attack techniques.

The timing is interesting from a political point of view, even if the motivation seems to be unrelated to the trial according to the news shared. Regardless of the outcome of the trial, it is alarming that an individual was apparently able to gain such widespread access using known social engineering techniques to access an internal corporate VPN. This is a typical teaching example that security experts use to explain to people what damage unauthorised access can really do. This awareness is important to promote better security practices. We always cover such hypothetical situations or report incidents we have seen in practice, but we also advocate responsible disclosure. It does not make a good impression to publicly try to embarrass a company by doing something illegal. 

Related Articles

Companies respond flexibly to staffing problems

If companies are unable to fill all their training places, they tend to hire young people with only a basic school leaving certificate. Nevertheless, the data shows that young people with a high school diploma and those with only a basic school leaving certificate are...

Share This