Young hacker tricks way into Uber's system: reports

Young hacker tricks way into Uber's system: reports

A hacker claiming to be 18 years old posted screenshots taken from inside Uber computers
A hacker claiming to be 18 years old posted screenshots taken from inside Uber computers. Photo: JUSTIN SULLIVAN / GETTY IMAGES NORTH AMERICA/Getty Images via AFP
Source: AFP

PAY ATTENTION: Сheck out news that is picked exactly for YOU ➡️ find the “Recommended for you” block on the home page and enjoy!

Uber said Friday it was investigating a "cybersecurity incident," declining to comment on reports a young hacker had gained access to the ride-hailing company's computer network.

Uber put out word of the breach late Thursday in a tweet, and a hacker claiming to be 18 years old then posted screenshots taken from inside Uber computers.

"He says that he simply -- having already determined a valid username and password -- tricked an Uber staff member into granting him access to internal systems," independent cybersecurity analyst Graham Cluley said at his website.

Online comments purported to be by the hacker indicated he targeted an Uber employee with notifications for more than an hour, then reached out to the worker via WhatsApp claiming to be member of the company's tech support team.

Read also

UK probes Microsoft's $69 bn bid for gaming giant

"Many other companies are probably at risk of falling for a similar trick," Cluley said.

Uber said Friday that its services were all operational and that it had "no evidence that the incident involved access to sensitive data" such as users' trip history.

PAY ATTENTION: Follow Briefly News on Twitter and never miss the hottest topics! Find us at @brieflyza!

Employee software tools shut down as a precaution were being gradually restarted, the San Francisco based company added.

"There's a reason cybersecurity experts say that the human is often the weakest link," said Ray Kelly, a fellow at Synopsys Software Integrity Group in Silicon Valley.

"Whether it be phishing/SMS attacks or a simple phone call to get an employee to give up their credentials, 'social engineering' is going to be the easiest route for a malicious actor."

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.