Uber’s Internal Systems Compromised By An 18 Year Old

Contents

Summary Of The Attack

  • On September 15th, Uber’s internal systems were compromised.
  • The attacker managed to hack the company’s HackerOne account, gained access to a Slack account and obtained full admin on their AWS Web Services and GCP accounts.
  • The entry attack targeted Uber’s employees utilizing a social engineering campaign.
  • Uber is still investigating the incident and some of their internal systems were temporarily disabled due to the hack.
.

What Happened?