Uber Data Breach - Cyber Security Case Study

Uploaded by anish

UBER DATA BREACH CASE STUDY

-Anish, 40821018, Section B

The Uber data breach began with a hacker purchasing stolen credentials belonging to
an Uber employee from a dark web marketplace. An initial attempt to connect to Uber’s
network with these credentials failed because the account was protected with MFA. To
overcome this security obstacle, the hacker contacted the Uber employee via WhatsApp
and, while pretending to be a member of Uber’s security team, asked the employee to
approve the MFA notifications being sent to their phone. The hacker then sent a flood of
MFA notifications to the employee’s phone to pressure them into succumbing to this
request. To finally put an end to this notification storm, the Uber employee approved an
MFA request, granting the hacker network access, which ultimately led to the data
breach.
After completing the attack, the hacker compromised an Uber employee’s Slack
account and announced the successful breach to the entire company.

This isn’t the first time Uber has been hacked. In 2016, two hackers breached Uber’s
systems, accessing names, email addresses, and phone numbers of 57 million users of
the Uber app.

What Data Did the Hacker Access?


After successfully connecting to Uber’s intranet, the hacker gained access to the
company’s VPN and discovered Microsoft PowerShell scripts containing the login
credentials of an admin user in Thycotic - the company’s Privileged Access
Management (PAM) solution. This discovery significantly increased the severity of the
breach by facilitating full admin access to all of Uber’s sensitive services, including DA,
DUO, OneLogin, Amazon Web Services (AWS), and GSuite.
The hacker also allegedly accessed Uber’s bug bounty reports which usually contain
details of security vulnerabilities yet to be remediated.
The 18-year-old hacker, believed to be associated with the cybercriminal group
Lapsus$, revealed the details of the attack in a conversation with cybersecurity
researcher Corben Leo.

Was any Sensitive User Data Stolen During the Uber Breach?
Despite the deep level of compromise the hacker achieved, no evidence of customer
data theft has been announced. This is likely because the hacker wasn’t intent on
causing harm but was, rather, chasing the thrill of a successful cyberattack and the
hacker community respect that comes with it.
Had the hacker been motivated by financial gain, he would have likely sold Uber’s bug
bounty reports on a dark web marketplace. Given the devastating data breach impact
that’s possible with the findings of a bug bounty program, it would have sold for a very
high price.
To say that Uber is lucky this hacker wasn’t an actual cybercriminal is a significant
understatement. The company came so close to a complete system shutdown. From a
cybersecurity perspective, it seems almost unbelievable that after taking complete
control of Uber’s systems, the hacker just dropped everything and walked away. Without
any security obstacles left to overcome, it would have been so easy to tie off the breach
with a quick installation of ransomware.
Given Uber’s poor reputation for handling extortion attempts, thankfully, this didn’t
happen. When Uber was breached in 2016, the company paid the cybercriminals their
$100,000 ransom in exchange for deleting their copy of the stolen data. Then, in an
attempt to conceal the event, the company forced the hackers to sign a non-disclosure
agreement and made it appear like the ransom payment was an innocuous reward
within the company’s bug bounty program.

4 Key Lessons From the Uber Data Breach


Several critical cybersecurity lessons can be learned from the Uber data breach. By
applying them to your cybersecurity efforts, you could potentially avoid suffering a
similar fate.

1. Implement Cyber Awareness Training


The fact that the Uber employee eventually gave in to the flood of MFA requests in the
initial stage of the attack is evidence of poor awareness of a common MFA exploitation
tactic known as MFA Fatigue. Had the Uber employee been aware of this tactic, they
would have likely reported the threat rather than falling victim to it, which would have
prevented the breach from happening. The hacker also utilized social engineering
techniques to fool the Uber employee into thinking they were a member of Uber’s
security team, which is another common cyberattack tactic.
Implementing cyber awareness training will equip your staff to recognize the common
cyberattack methods that made this breach possible - MFA fatigue and social
engineering.
The following free resources can be used to educate your employees about common
cyber threats and the importance of cybersecurity.

2. Be Aware of Common MFA Exploitation Methods


Not all Multi-Factor Authentication protocols are equal. Some are more vulnerable to
compromise than others. Your cybersecurity teams should compare your current MFA
processes against common exploit tactics and, if required, upgrade the complexity of
authentication protocols to mitigate
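A defender-side check for the "flood of MFA notifications" described above, as an added example that is not part of the case study: it groups push events per user and flags a burst of denied or timed-out prompts, noting whether an approval followed, which is the sequence that granted access in this incident. The log format, field names and sample values are constructed; map them to your identity provider's export.

```python
"""Flag MFA push-fatigue bursts in authentication logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one MFA push event per line (not real Uber/Duo data).
SAMPLE_LOG = """\
2022-09-15T21:01:05Z user=jdoe result=denied factor=push src=203.0.113.7
2022-09-15T21:01:30Z user=jdoe result=denied factor=push src=203.0.113.7
2022-09-15T21:02:02Z user=jdoe result=timeout factor=push src=203.0.113.7
2022-09-15T21:02:40Z user=jdoe result=denied factor=push src=203.0.113.7
2022-09-15T21:03:11Z user=jdoe result=denied factor=push src=203.0.113.7
2022-09-15T21:03:55Z user=jdoe result=approved factor=push src=203.0.113.7
2022-09-15T21:10:00Z user=asmith result=approved factor=push src=198.51.100.4
2022-09-15T21:15:00Z user=asmith result=denied factor=push src=198.51.100.4
"""

def parse_line(line):
    """Turn 'TS key=value ...' into a dict with a parsed 'ts' field."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event

def detect_mfa_fatigue(log_text, threshold=4, window=timedelta(minutes=10)):
    """Return {user: verdict} for users with >= threshold denied/timed-out
    pushes inside `window`. Verdict is 'burst_then_approved' when an approval
    follows the start of the burst (the outcome in the Uber incident), else 'burst'.
    """
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            if event.get("factor") == "push":
                by_user[event["user"]].append(event)

    alerts = {}
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        failures = [e for e in events if e["result"] in ("denied", "timeout")]
        for i, first in enumerate(failures):
            # Sliding window: count failures within `window` of `first`.
            in_window = [f for f in failures[i:] if f["ts"] - first["ts"] <= window]
            if len(in_window) >= threshold:
                approved = any(e["result"] == "approved" and e["ts"] > first["ts"]
                               for e in events)
                alerts[user] = "burst_then_approved" if approved else "burst"
                break  # one alert per user is enough
    return alerts
```

A 'burst_then_approved' verdict is the one worth paging on: the user should be contacted out of band and the session revoked pending confirmation.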

3. Never Hardcode Admin Login Credentials Anywhere (Ever)


Probably the most embarrassing cybersecurity blunder in this incident is the hardcoding
of admin credentials inside a PowerShell script. This meant that the potential of an
unauthorized user accessing Uber’s sensitive systems was always there - all that was
required was for someone to read the PowerShell script and discover admin credentials
contained therein.
This security flaw would have been avoided if secure coding practices had been
followed. Admin credentials should always be stored securely in a password vault and
certainly never hardcoded anywhere.
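An added example illustrating this lesson (not code from the case study or from Uber): a small scanner that flags hard-coded credential patterns in PowerShell script text, with a constructed 'before' script mirroring the flaw in the incident beside a version that resolves the credential from a vault at run time. Get-Secret is the cmdlet from the Microsoft.PowerShell.SecretManagement module; Connect-Service, the vault name and the sample secrets are placeholders.

```python
"""Flag hard-coded credentials in PowerShell script text (added example)."""
import re

# Each regex names the anti-pattern it catches; all are case-insensitive.
PATTERNS = {
    "plaintext_password_var": re.compile(
        r"\$(?:\w*pass(?:word|wd)?\w*|\w*secret\w*)\s*=\s*['\"][^'\"]+['\"]", re.I),
    "securestring_from_literal": re.compile(
        r"ConvertTo-SecureString\s+['\"][^'\"]+['\"].*-AsPlainText", re.I),
    "credential_argument": re.compile(
        r"-(?:Password|Secret|ApiKey|Token)\s+['\"][^'\"]+['\"]", re.I),
}
# Run-time retrieval from a vault is the pattern we want to see instead.
VAULT_CALL = re.compile(r"\bGet-Secret\b|\bGet-Credential\b", re.I)

def scan_script(text):
    """Return [(line_no, finding)] for lines that embed a secret literal."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((n, name))
                break  # report the first matching pattern per line
    return findings

def uses_vault(text):
    """True when the script resolves credentials at run time instead."""
    return bool(VAULT_CALL.search(text))

# Constructed 'before': the PAM admin secret is baked into the script, so
# anyone who can read the file owns the account (the flaw in the incident).
UNSAFE_SCRIPT = """\
$pamUser = "svc-pam-admin"
$pamPass = "Winter2022!"
$sec = ConvertTo-SecureString "Winter2022!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($pamUser, $sec)
Connect-Service -Credential $cred
"""

# Constructed 'after': the secret stays in the vault and is fetched when the
# script runs. Get-Secret is the SecretManagement module cmdlet; Connect-Service
# and the vault name are placeholders.
SAFE_SCRIPT = """\
$cred = Get-Secret -Name "svc-pam-admin" -Vault "CorpVault"
Connect-Service -Credential $cred
"""
```

Run scan_script over every .ps1 in a repository as a pre-commit or CI step; a non-empty result should block the merge.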

4. Implement a Data Leak Detection Service


If the Uber hacker had more malicious intentions, customer data would have been
stolen, published on the dark web, and accessed multiple times by cybercriminals
before Uber even realized it was breached. It’s crucial for organizations to have a safety
net in place for detecting dark web data leaks from undetected data breaches, from both
first-hand and third-party attacks.
A data leak detection service notifies impacted businesses when sensitive data leaks
are detected on the dark web so that cybersecurity teams can secure compromised
accounts before they’re targeted in follow-up attacks.
