Uber - Revision history

Booda at 00:53, 23 September 2022

2022-09-23T00:53:10Z

← Older revision		Revision as of 00:53, 23 September 2022
Line 6:		Line 6:
	From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.		From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.

	* Source: https://www.uber.com/newsroom/security-update/		* Source: https://web.archive.org/web/20220921070053/https://www.uber.com/newsroom/security-update/

	== Media Coverage ==		== Media Coverage ==
	* https://www.itpro.com/security/369091/uber-hack-started-with-smishing-social-engineering-attack		* https://www.itpro.com/security/369091/uber-hack-started-with-smishing-social-engineering-attack

Booda at 00:52, 23 September 2022

2022-09-23T00:52:35Z

← Older revision		Revision as of 00:52, 23 September 2022
Line 5:		Line 5:

	From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.		From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.

			* Source: https://www.uber.com/newsroom/security-update/

	== Media Coverage ==		== Media Coverage ==

Booda at 00:51, 23 September 2022

2022-09-23T00:51:44Z

← Older revision		Revision as of 00:51, 23 September 2022
Line 5:		Line 5:

	From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.		From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.

	~~Confirmation of method used:~~
	* https://cdn.arstechnica.net/wp-content/uploads/2022/09/teapot-chat01-640x592.jpg

	== Media Coverage ==		== Media Coverage ==

Booda at 00:51, 23 September 2022

2022-09-23T00:51:19Z

← Older revision		Revision as of 00:51, 23 September 2022
Line 1:		Line 1:
	Ride-share giant Uber confirmed that it was responding to “a cybersecurity incident”. A hacker calling themselves "Tea Pot" claims to be the individual who took responsibility for the attack, bragging to multiple security researchers about the steps they took to breach the company.		Ride-share giant Uber confirmed that it was responding to “a cybersecurity incident” after TeaPot claimed to have hacked Uber. A hacker calling themselves "Tea Pot" claims to be the individual who took responsibility for the attack, bragging to multiple security researchers about the steps they took to breach the company.

	== Explanation of the Hack ==		== Explanation of the Hack ==

Booda: Created page with "Ride-share giant Uber confirmed that it was responding to “a cybersecurity incident”. A hacker calling themselves "Tea Pot" claims to be the individual who took responsibility for the attack, bragging to multiple security researchers about the steps they took to breach the company. == Explanation of the Hack == An Uber EXT contractor had their account compromised by an attacker. It is likely that the attacker purchased the contractor’s Uber corporate password on t..."

2022-09-23T00:50:19Z

Created page with "Ride-share giant Uber confirmed that it was responding to “a cybersecurity incident”. A hacker calling themselves "Tea Pot" claims to be the individual who took responsibility for the attack, bragging to multiple security researchers about the steps they took to breach the company. == Explanation of the Hack == An Uber EXT contractor had their account compromised by an attacker. It is likely that the attacker purchased the contractor’s Uber corporate password on t..."

New page

Ride-share giant Uber confirmed that it was responding to “a cybersecurity incident”. A hacker calling themselves "Tea Pot" claims to be the individual who took responsibility for the attack, bragging to multiple security researchers about the steps they took to breach the company.

== Explanation of the Hack ==
An Uber EXT contractor had their account compromised by an attacker. It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web, after the contractor’s personal device had been infected with malware, exposing those credentials. The attacker then repeatedly tried to log in to the contractor’s Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.

From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.

Confirmation of method used:
* https://cdn.arstechnica.net/wp-content/uploads/2022/09/teapot-chat01-640x592.jpg

== Media Coverage ==
* https://www.itpro.com/security/369091/uber-hack-started-with-smishing-social-engineering-attack
* https://www.forbes.com/sites/siladityaray/2022/09/20/social-engineering-how-a-teen-hacker-allegedly-managed-to-breach-both-uber-and-rockstar-games
* https://arstechnica.com/information-technology/2022/09/uber-was-hacked-to-its-core-purportedly-by-an-18-year-old-here-are-the-basics/
* https://www.nytimes.com/2022/09/15/technology/uber-hacking-breach.html
* https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell
* https://www.wired.com/story/uber-hack-mfa-phishing/