Last week, Uber suffered something that every company on the planet dreads – a cyber attack.
One of the largest businesses on the planet was hacked by an 18-year-old wanting to prove that he could do it, purely because ‘they had weak security’.
So, how exactly did Uber get hacked so easily, and what could they have done better to prevent it?
How did Uber get hacked?
According to the hacker (so take this all with a pinch of salt), he managed to access Uber’s internal systems through social engineering after purchasing an Uber contractor’s personal login details from the dark web.
What is social engineering?
Social engineering is where a hacker deceives and manipulates your employees into handing over passwords and other important data. This might be done by impersonating a member of your IT team or your service provider.
In the case of Uber, the hacker claimed to use something known as ‘MFA fatigue’ as a weapon.
MFA (multi-factor authentication) is an extra layer of security that makes it significantly more difficult for hackers to access your data, as they would also need access to a secondary device or account, such as a mobile phone or an email account.
In order to fatigue the victim, the hacker spammed them with multi-factor authentication requests for over an hour before contacting them on WhatsApp. At this point, he impersonated a member of the Uber IT team and told them he needed his request authenticated; the victim then willingly approved it in order to stop the constant MFA requests.
This way, without any specialist equipment, the hacker was able to access a high-level Uber account in about an hour.
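The push-spam pattern described above leaves a recognisable trace in authentication logs. As an added example (not part of the original article), the following Python flags a burst of rejected or ignored push prompts and, separately, an approval that follows such a burst; the log format, user names, 60-minute window and threshold of five are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events (not real logs): "timestamp user result"
SAMPLE_LOG = """\
2024-01-10T18:00:00 contractor01 denied
2024-01-10T18:09:00 contractor01 timeout
2024-01-10T18:15:00 alice denied
2024-01-10T18:15:30 alice approved
2024-01-10T18:21:00 contractor01 denied
2024-01-10T18:33:00 contractor01 timeout
2024-01-10T18:47:00 contractor01 denied
2024-01-10T18:58:00 contractor01 denied
2024-01-10T19:04:00 contractor01 approved
"""

WINDOW = timedelta(minutes=60)  # assumed look-back window
THRESHOLD = 5                   # assumed number of rejected/ignored prompts

def parse(log):
    """Yield (timestamp, user, result) from the assumed log format."""
    for line in log.strip().splitlines():
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def detect_mfa_fatigue(log, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (user, kind, prompts_in_window, timestamp)."""
    recent = defaultdict(deque)  # user -> times of rejected/ignored prompts
    alerted, alerts = set(), []
    for ts, user, result in sorted(parse(log)):
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold and user not in alerted:
                alerted.add(user)
                alerts.append((user, "burst", len(q), ts))
        elif result == "approved":
            # Approval right after a burst: the user may have given in.
            if len(q) >= threshold:
                alerts.append((user, "approved_after_burst", len(q), ts))
            q.clear()
            alerted.discard(user)
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert)
```

A single mistyped denial followed by an approval (the `alice` lines) stays below the threshold, so only the hour-long burst is reported.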
Who hacked Uber?
The hacker was from a hacking group known as Lapsus$; they’re known for conducting a ransomware attack against the Brazilian Ministry of Health and stealing data from large brands such as Nvidia, Samsung, Microsoft and Vodafone.
Many members have already been arrested, and all of them were teenagers.
What could Uber have done to prevent being hacked?
Unfortunately, installing a firewall and antivirus isn’t enough to stop the likes of the Uber hacker.
Uber had failed the victim in question; the victim had inadequate cyber security training and was unaware of the dangers and common tactics that hackers use.
Not only this, but tailored cyber security would have been able to detect that the contractor’s password had been compromised and actions to mitigate damage could have been taken before their data was sold. This would have prevented the breach from ever happening.
Secure your business’ data today
While big companies getting hacked like this makes headline news, the thousands of SMEs that get hacked every year do not.
The data that you store is incredibly valuable to hackers, even if you think it isn’t.
Fortunately, there are steps that you can take to protect your business from cyber threats (and we’re here to effectively manage them for you – result!).
Get in touch with our friendly cyber security specialists at Nebula. No two networks are the same, meaning that we’ll create a totally bespoke cyber security offering that’s designed to guarantee your cyber security.
Don’t be like Uber; we can train your team, implement cyber security measures and monitor your environments, meaning you never have to worry about being hacked again.