The Situation:
On 15 September, a hacker gained complete access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data.
The hacker utilized social engineering to gain the access. The hacker sent a text message to an Uber worker claiming to be a company tech employee and persuaded the worker to hand over a password that gave them access to an employee’s Slack account. According to Kevin Reed, CISO at cybersecurity company Acronis, the attacker found privileged credentials on a network file share and used them to access everything, including production systems, Uber’s Slack management interface, and the company’s endpoint detection and response (EDR) portal.
The hacker alerted security researchers to the intrusion by using an internal Uber account to comment on vulnerabilities that had previously identified on the company’s network through its bug-bounty programs. The hacker provided screenshots of various pages from Uber’s cloud providers to prove the break in.
At this time, there is no indication that the hacker has done any damage or was interested in anything more than publicity. Law enforcement was contacted and Uber will be giving additional updates as they become available.
Change all passwords to any Uber accounts immediately
Keep antivirus and device software updated to prevent viruses and malware.
Avoid using unknown USB devices and connections on devices, including flash drives, charging kiosks, other USB devices and chargers, etc.
Strongly consider using a reliable Virtual Private Network (VPN)
Consider removing social media and banking apps from your devices, the contents of which can be inspected by the country you are visiting.
Take only what you need in the form of electronic devices, storage etc. and only take what you are not afraid to lose or consider using a loaner/clean device
Disable remote connectivity, such as Bluetooth and Wi-Fi, which automatically connect to other devices.
Vary passwords across devices, making sure to use strong passwords that contain capital and lowercase letters, symbols, and numbers.
Avoid conducting sensitive activities, such as online shopping, banking, or sensitive work using a public wireless network.
Review and understand the details of an application before installing.
Responsibly browse the web and avoid questionable sites or links or QR codes.
Always log out of all websites, apps, and devices when finished.
Check the local situation (local and social media, embassy, POC at the destination, etc.) prior to travel for updates.
Enroll in a Safe Traveler program to receive warnings from your preferred embassy.
DISCLAIMER and Hold Harmless Disclaimer: LSDS™ gathers information from multiple sources and offers insight and perspective to travelers. Sources cannot be validated for accuracy in every instance. Travelers assume all risk associated with their travel and are responsible for the decisions associated with travel and for their own safety. Users of this reference document agree, to hold harmless LSDS™ (LLC) its employees and clients associated with any risk or injury incurred during travel.