The Uber Hack: Breaches are Inevitable, Limiting the Damage is Critical


The Uber Hack

On September 15, 2022, a message was posted in Uber’s Slack channel. It read, “I announce i am a hacker and uber has suffered a data breach.” Shortly thereafter, the ride-hailing and delivery company announced that it had detected a cybersecurity incident and was addressing the issue with law enforcement. An Uber worker’s personal device was infected with malware, which had exposed their corporate Uber credentials.

The hacker, just an 18-year-old teen, spammed the worker with repeated Multi-Factor Authentication (MFA) attempts and contacted them through WhatsApp while impersonating Uber’s corporate IT department. The worker finally accepted an MFA prompt, and the attacker was able to access Uber’s network. Once logged in, the attacker was able to obtain elevated privileges to a wide range of platforms through secondary credentials that were discovered.

Ultimately, the hacker scanned an internal Uber network share and discovered a PowerShell script containing a username and password for Thycotic, a security tool, that gave admin access to Uber’s G-Suite, AWS, Duo, Slack, and OneLogin systems. With administrator privileges, notably to OneLogin, the hacker had deep access to a variety of other platforms and content within the Uber network. At this time, Uber has not detected any material impacts; however, it was determined that the attacker downloaded internal financial data and messages from Slack.

Here is a chart made by @ITJunkie summarizing the Uber Hack data breach:

Uber Hack Data Breach Flow Chart by ITJunkie

Perimeter protection is no longer enough

The data breach at Uber should serve as a cautionary tale for organizations.  

Breaches are inevitable; however, limiting the exposure and damage is critical. The first line of defense will always be perimeter and endpoint protection, but that’s no longer enough. Preventing and mitigating this type of exposure demands a much more mature security posture. An often overlooked but prime target for attackers is unstructured data, which can unknowingly contain a goldmine of sensitive information. 

Sensitive data discovery and governance platforms will help ensure that sensitive information including PII, PHI, intellectual property, financial, HR, as well as critical IT-related data – like usernames and passwords – is properly protected and secured.

Proactive companies are getting ahead of the curve on this by using these platforms, driven by artificial intelligence and automation, to discover, report, and protect sensitive information that might be “hidden” in their unstructured data.

How to protect sensitive information to limit damage during a data breach

A recent DryvIQ customer had the foresight to envision this exact scenario that Uber experienced – the customer had an internal IT network share that contained PowerShell scripts with sensitive credentials. They utilized DryvIQ’s IT Sensitivity Data Policy to accurately detect usernames, passwords, encryption keys, and other critical information such as internal IP and MAC addresses that were improperly secured. By identifying these vulnerabilities, the customer was able to effectively remediate access to ensure additional protection for those files, making it much more difficult for a future hacker to obtain the keys to their entire kingdom through simple social engineering. 
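As an added illustration (not DryvIQ's product logic and not code from the original article), the sketch below shows a pattern-based check for the categories named above: hard-coded usernames, passwords, key material, internal IP addresses and MAC addresses in PowerShell script text. The pattern names, the sample script and every value in it are constructed for this example.

```python
import ipaddress
import re

# Quoted literal containing no "$", so "$env:VAR" and other expansions are not flagged.
LIT = r"""["']([^"'$]+)["']"""
PATTERNS = {
    "username_assignment": re.compile(r"\$\w*user(?:name)?\w*\s*=\s*" + LIT, re.I),
    "password_assignment": re.compile(
        r"\$\w*(?:pass(?:word)?|pwd|secret)\w*\s*=\s*" + LIT, re.I),
    "plaintext_securestring": re.compile(
        r"ConvertTo-SecureString\s+(?:-String\s+)?" + LIT + r".*-AsPlainText", re.I),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "mac_address": re.compile(r"\b(?:[0-9A-F]{2}[:-]){5}[0-9A-F]{2}\b", re.I),
}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def is_internal_ip(candidate):
    """True if Python classifies the address as private (RFC 1918, loopback,
    link-local and similar); False for public addresses and junk like 999.1.1.1."""
    try:
        return ipaddress.ip_address(candidate).is_private
    except ValueError:
        return False


def scan_script(text):
    """Return (line_number, finding_kind) pairs; matched values are never returned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, kind))
        if any(is_internal_ip(ip) for ip in IPV4.findall(line)):
            findings.append((lineno, "internal_ip"))
    return findings


# Constructed sample script; not the script from the incident.
SAMPLE = '''\
# Connects to the privileged access management server
$adminUser = "svc_pam_admin"
$adminPassword = "Example-Passw0rd!"
$sec = ConvertTo-SecureString "Example-Passw0rd!" -AsPlainText -Force
$server = "10.20.30.40"
$promptPassword = Read-Host -AsSecureString "Password"
$envPassword = "$env:PAM_PASSWORD"
$nic = "00:1A:2B:3C:4D:5E"
'''

if __name__ == "__main__":
    for lineno, kind in scan_script(SAMPLE):
        print(f"line {lineno}: {kind}")
```

Lines 6 and 7 of the sample are deliberately not flagged: a password read interactively or pulled from an environment variable is not a literal stored in the file.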

Cyber-attacks are on the rise – think about how often employees at all levels are hit with phishing scams through emails and even texts to their personal devices – so it’s imperative that organizations leave no stone unturned when it comes to finding and protecting their sensitive data. It’s no longer a matter of “if” a breach occurs – but when and how. With a full understanding of where this sensitive data lives and a trusted solution in place that can automatically protect that data when the breach occurs, organizations can more easily limit the impact radius and prevent further damage. 

DryvIQ is a leading unstructured data management platform that provides deep insights into your sensitive and most important data. Driven by artificial intelligence, DryvIQ continually detects, analyzes, and classifies sensitive and other valuable data and labels the degree of criticality. Furthermore, cost and exposure can be correlated to further understand the impacts of remediating your sensitive data.

Risk management can’t wait. Contact us today to identify and safeguard your sensitive data. 

Ryan Record