TechRepublic on Flipboard

2022-09-16 23:46:07 By : Ms. Natalie Huang

Uber investigating security breach of several internal systems

Communications and engineering systems were taken offline after hacker sends images of repositories to cybersecurity researchers and The New York Times.

Ride-sharing company Uber suffered a security breach Thursday, Aug. 15, that forced the company to shut down several internal communications and engineering systems.

The company confirmed the incidents in a Twitter post, saying officials have been in touch with law enforcement, and The New York Times reported that a person claiming responsibility for the hack sent images of emails, cloud storage and code repositories to cybersecurity researchers and the paper.

Uber employees were told not to use Slack, the company’s internal messaging service, the Times reported. Prior to Slack being taken offline Thursday afternoon, Uber employees received a message that said, “I announce I am a hacker and Uber has suffered a data breach.” The message also detailed several internal databases the hacker claimed had been compromised, according to the Times.

An Uber employee’s Slack account was reportedly compromised by the hacker to send the message. The hacker was apparently able to later gain access to other internal systems and posted an explicit photo on an internal employee information page.

According to the Times, the supposed hacker used social engineering, claiming they were the corporate information technology person at Uber in order to convince an employee to provide a password that allowed the hacker to gain access to Uber’s systems.

It is not clear how widespread the compromise is or if the hacker gained access to user data.

This is not the first time Uber has experienced a security breach. In 2016, the company’s systems were hacked, exposing the personal data of about 57 million of its customers and employees.

Security officials did not appear to be surprised by the breach.

“This was bound to happen as attention to cloud security is often an afterthought,” observed Tom Kellermann, certified information security manager (CISM) and senior vice president of cyber strategy at Contrast Security.

According to Kellermann, cybersecurity isn’t always seen as a business function; instead, it’s viewed as an expense. To avoid such breaches in 2023, Kellermann claims businesses will need to begin focusing on continuous monitoring of cloud-native environments.

“This breach highlights the need for companies to educate their employees about the dangers of social engineering and how to defend against it,” said Darryl MacLeod, vCISO at LARES Consulting. “Social engineering attacks are becoming more common and more sophisticated, so it’s important to be aware of the dangers. If you work for a company that holds sensitive data, make sure you know how to spot a social engineering attack and what to do if you encounter one.”

Keeper Security, a Chicago-based provider of zero-trust and zero-knowledge cybersecurity software, said its research shows the average U.S. business experiences 42 cyberattacks per year, three of them successful.

“While the impact to business operations and financial losses may be the most tangible examples of the damage that these attacks cause, the reputational impacts can be equally devastating,” said Darren Guccione, CEO and co-founder of Keeper Security. “High profile breaches must serve as a wake-up call for organizations large and small to implement a zero-trust architecture, enable MFA (multi-factor authentication), and use strong and unique passwords.”

The first line of defense is a password manager, Guccione said.

“This will create high-strength random passwords for every website, application and system and, further, will enable strong forms of two-factor authentication, such as an authenticator app, to protect against remote data breaches,” said Guccione.

Guccione stressed the importance of training employees on how to identify suspicious phishing emails or smishing text messages, saying that they “seek to install malware into critical systems, prevent user access and steal sensitive data.”

That sentiment was echoed by Ray Kelly, fellow at Synopsys Software Integrity Group, a Mountain View, California-based provider of integrated software systems.

“There’s a reason cybersecurity experts say that the human is often the weakest link when it comes to cybersecurity,” said Kelly. “While companies can spend significant budget on security hardware and tools, in-depth training and testing of employees does not get the focus it should.”

Social engineering is going to be the easiest route for a malicious actor to gain access to a company’s network, Kelly added.

Preventing security incidents is a “mission impossible,” noted Shira Shamban, CEO at Solvo, a Tel Aviv-based security cloud automation enabler.

“Therefore, security teams will be measured on the guardrails they put in place and the tiers of protection they designed,” Shamban said. “Utilizing IAM (identity and access management) is a smart way to make sure [that] even if some of your credentials are compromised, or some machines get hacked, the blast radius will be limited and the attacker’s ability to make lateral movement will be restricted.”
