A comment by Danielle Jablanski, OT cybersecurity strategist at Nozomi Networks
On 16.09. it was announced that the ride service provider Uber has been the victim of a cyber attack. The attacker was an 18-year-old who was able to obtain the access data of employees using the simplest social engineering techniques. This incident shows that even large, globally active companies are not always exemplarily secured against commonly used attack techniques.
The timing is interesting from a political point of view, even if the motivation seems to be unrelated to the trial according to the news shared. Regardless of the outcome of the trial, it is alarming that an individual was apparently able to gain such widespread access using known social engineering techniques to access an internal corporate VPN. This is a typical teaching example that security experts use to explain to people what damage unauthorised access can really do. This awareness is important to promote better security practices. We always cover such hypothetical situations or report incidents we have seen in practice, but we also advocate responsible disclosure. It does not make a good impression to publicly try to embarrass a company by doing something illegal.