A teenager hacked Uber. Uber thought it was a joke
Uber’s internal infrastructure was breached. The hacker told the New York Times that he is only 18 years old. The company is already investigating the incident and has involved law enforcement officers.
The teenager claims to have obtained administrative rights to access Uber accounts from various services, including cloud platforms Amazon Web Services and Google Cloud. During the investigation, the company disabled a number of internal tools used by employees, such as Slack.
It was through a hacked corporate Slack that the hacker revealed himself to employees. A screenshot of his message went viral on Twitter. The hacker also wrote what information Uber got hold of and added a hashtag accusing the company of underpaying drivers.
Honestly kind of a classy way to hack someone 😂😂😂@Uber pic.twitter.com/fFUA5xb3wv
— Colton (@ColtonSeal) September 16, 2022
The post was so cheeky that many Uber employees initially thought they were being pranked. They reacted with funny emojis and gifs and began to play along with the author of the message.
In an interview with the Washington Post, the hacker said that he hacked Uber as a joke and is going to post the company’s source code online. He was allowed to penetrate Uber’s systems using credentials he obtained from one of the employees through social engineering. This gave him access to an internal corporate VPN. Later on the intranet, he found scripts passed down that allowed him to hack the company’s AWS and GSuite.
Apparently there was an internal network share that contained powershell scripts…
"One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite" pic.twitter.com/FhszpxxUEW
— Corben Leo (@hacker_) September 16, 2022