Uber Hack...!

Uber Hack...!

UBER GOT HACKED

An 18-y/o boy hacked UBER.

This is a really interesting story. [16-9-2022] A really huge company who spends billions of $ on cybersecurity to make their system powerful. How he get hacked ? Let's spread some light on this topic. A 18 y/o Hacker is behind all this massive uber hack. Uber use HackerOne services as a Bug Bounty program.

So basically, what the hacker did, is read all the reports of Uber Vulnerabilities on HackerOne and sent a message to every security researcher saying, "UBER HAS BEEN HACKED (domain admin, aws admin, vsphere admin, gsuite SA) AND THIS HACKERONE ACCOUNT HAS BEEN ALSO COMPROMISED." He also ended this message by adding his own TELEGRAM username at the end of that message.

As HackerOne also read that message, they immediately shut down Uber's HackerOne account, so that the hacker has no more access to their critical vulnerability reports. Also, the CEO (Marten Mickos) of HackerOne posted a tweet on his official twitter account. The post says, "HackerOne supports its customers. We're in close contact with Uber's security team, have locked their data down, and will continue to assist with their investigation."

Now a hacker started posting all the screenshots to which he got access (HackeOne Admin Pannel, AWS Instances, Google Workspaces, vSphere).

Now let's talk about

How did the 18-y/o boy [HACKER] hacked Uber ?

He simply did SOCIAL ENGINEERING, but how? A normal security researcher reached out to him on his telegram account where they talked about how the hack had been done. In that chat, the hacker said there was a powershell in Uber's network share where some critical credentials had been stored. And then he said, I have done this hack in just 3 steps. EMPLOYEE SOCIAL ENGINEERING -> ACCESS VPN -> SCAN INTRANET.

WHAT ABOUT THE 2FA ?

The hacker spammed the employees' Duo for over an hour, then reached out to them via WhatsApp and told them they were from Uber IT. The employee then approved the 2FA. This is how the hacker bypassed the 2FA and hacked Uber.

FOR MORE TIPS AND GUIDANCE

SOCIAL MEDIA

Did you find this article valuable?

Support Pablo by becoming a sponsor. Any amount is appreciated!