The details of the hack are not good for the company.
Tweet may have been deleted(opens in a new tab)
On Thursday night, the company said that it had suffered a cyber security incident and was working with law enforcement on the issue. According to a report in the New York Times, the "incident" was a data hack that took many of the company's internal systems offline. We now know a lot more about what happened as a result of the leaks.
How did it fall? A hacker used social engineering techniques to target an employee. The hacker told the New York Times that he posed as an IT worker in a text message and tricked the employee into giving him access.
Josh Yavor, chief information security officer for the cloud security company, said that social engineering is the main way that companies fall victim to breeches. People can be tricked into giving up their passwords if adversaries know that.
The simplicity of the hack and the fact that the company didn't know it was hacked until the teen hacker announced himself is incredible.
Tweet may have been deleted(opens in a new tab)
The hacker sent a message to the person. I announce that I am a hacker and that I have caused a data hack.
The hacker ran down some of the company's internal systems and then called out the company for underpaying its drivers.
The employees thought it was a joke.
Sam Curry, a staff engineer at Yuga Labs, the company behind the Bored Ape Yacht Club NFT project, shared additional information about the hack which he said he received from a contact atUber.
Some of the company accounts that were compromised were the domain admin, Amazon Web Services admin, and GSuite. The hacker's access to these services was shown in the Screenshots.
Tweet may have been deleted(opens in a new tab)
Curry's source said that whenever he requests a website, he is taken to a redacted page with a pornographic image and a message.
According to Curry's contact, many people in the company kept logging back on to check out everyone's jokes, despite the warnings from the company.
Tweet may have been deleted(opens in a new tab)
The hacker was able to gain access to so many internal systems, according to a security researcher who wrote a thread on the matter. After the employee sent his password to the teen, he was able to access the company's intranet and find Powershell script containing credentials for several services.
Tweet may have been deleted(opens in a new tab)
Jack Moore, global cyber security advisor at cybersecurity company ESET, said that gaining entry to private data inside a virtual private network needs to be difficult. The use of an easy method to hack into their systems leaves them with a lot of questions about how much data was compromised.
Moore said that the attack should highlight the importance of training staff to remain eagle eyed and with the ability to spot targetedPhishing attempts and double check before handing over any sort of credentials.
The company has been hacked before. A 20-year-old man was responsible for a security breach that affected 57 million people. The company says that user data wasn't compromised.
All Rights Reserved © 2024
