"Uber Confirms Hack in the Latest Access and Identity Nightmare for Corporate America"
Uber confirmed that it had been hacked in what appears to be a damaging compromise of both internal systems and the company's accounts for multiple third-party services. After gaining access to an employee's work account and posting messages advertising the hack, Uber had to take several of its communications and engineering systems offline, and employees were warned not to use Slack. Security researchers, some of whom claimed to have had contact with the hacker, posted screenshots of internal Uber systems online. It is unclear how widespread the compromise is or whether the hacker gained access to user data, but the threat actor also posted screenshots indicating they have access to Uber's administrative account on third-party services such as HackerOne, a bug bounty platform, and their Amazon Web Services (AWS) cloud server. According to Corben Leo, a security researcher and the chief marketing officer at Zellic, the individual phished an Uber employee in order to gain access to Uber's corporate Virtual Private Network (VPN). Through a shared network resource, they scanned Uber's internal corporate network, finding administrative user credentials for Uber's Thycotic account, a privileged access management system. They were able to access Uber's AWS environment, GSuite, Duo, OneLogin, and other services using this. This article continues to discuss Uber investigating a breach of its systems and accounts.