Uber worker allegedly gave password to an IT impersonator
Friday, September 16, 2022
An 18-year-old hacker is claiming responsibility for what is believed to be a huge breach of security controls at Uber.
Ilia Kolochenko, founder of ImmuniWeb and a member of the Europol Data Protection Experts Network, was more skeptical about the identity of the attacker.
“The allegedly immense scale and scope of the data breach may evidence a carefully planned and rigorously executed attack by a sophisticated threat actor,” he said in a statement. “The reported social engineering attack vector – in isolation from other activities – seems to be highly improbable here, as many different and critical systems have been simultaneously compromised. One may, of course, hypothesize a total lack of internal security controls (e.g. MFA) and massive password reuse at Uber, however, this version currently seems to be unpersuasive.
“We should wait for the official statement from Uber once the investigation is over: it is possible that Uber fell victim to a sophisticated cyber threat actor looking to get sensitive information about locations and trips of VIP persons, journalists, and politicians, whilst the disclosed version of the incident is just a smoke screen.” Read Full Article
Security Boulevard: California Regulators Hit Sephora with $1.2M Fine