Everything We Know About the Massive Uber Hack

It looks bad that the ride-hailing service has been hacked. The hacker claims to have gained access to the tech giant's network and was able to post a picture of a dick on the company's websites.

Since Thursday, when it admitted that it was experiencing a cybersecurity incident, the company has not commented. There was no evidence that the incident involved access to sensitive user data, according to the company.

Based on the information leaked by the culprit, online security researchers have been quick to analyze the episode. At this point, it is not clear if the hacker is telling the truth or not. Gizmodo reached out to several experts to inquire about the hack and get their opinions on how it could have happened.

How the Hacker Claims to Have Breached Uber

A lot of recent intrusions into large corporate networks seem to have been accomplished using basic hacking techniques. If that is what happened here, it would mean that one of the biggest tech companies on the planet was just hacked by someone who probably doesn't qualify as more than a script kiddie.

The hacker is happy to let everyone know how they got in. In statements posted to a Telegram page and in conversations with the New York Times, the alleged hacker said they tricked an employee into forking over their login credentials through a social engineering attack. Dave Masson is the director of enterprise security at Darktrace.

Masson said that the hacker didn't really 'hack' their way in. They tricked someone into giving up their credentials and then walked in the door. Masson said that these kinds of attacks have always been a problem, but they have become more common since the pandemic.

The hacker may have been able to gain access to the corporate network of the ride-sharing company because of the attack. The hacker found a document that included login credentials for other services and areas of the network. It would have been easy to increase privileges after that.

A Flaw in MFA

Multi-factor authentication (MFA) is the surest way to keep your digital life safe. Users are required to give multiple pieces of information to log into their online accounts. Some forms of MFA are vulnerable to being out-maneuvered by a hacker who uses social engineering or basic Man-in-the-Middle attacks to gain login credentials.

Bill said that the kind of MFA that is being used is not the most secure kind. FIDO2 is said to be a "phishing-resistant" form of identity verification. FIDO2 is a mechanism that can be used to verify the origin of the prompt from the real login server. The U2F device wouldn't respond if an attacker created a fake login page.

Push notifications, text messages, and one-time passwords are some of the standard forms of multi-factor authentication.

The easiest way to phish a user of standard MFA is using widely accessible web tools. There is a tool called Evilginx which can be accessed for free on the internet. A tool like this can be used to create a fake login page. The attacker's server can replicate a connection to the real login server if they convince a victim to visit the phish page.

The attacker sends the login request to the real server after the victim enters their credentials. There is no verification done after the victim is prompted for standard MFA. He said that it was a seamless process that allowed the attacker to capture the victim's credentials.
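
To make the origin check concrete, here is an added example (not from the article or from any vendor's code) that models the checks a login server applies to a FIDO2/WebAuthn assertion, including one relayed from a lookalike page. The host names are constructed, and an HMAC with a shared key stands in for the authenticator's asymmetric signature so the code runs on the Python standard library alone.

```python
import base64, hashlib, hmac, json, os

RP_ID = "login.example.com"                  # constructed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"
# Assumption: a shared HMAC key stands in for the credential's key pair;
# real authenticators sign with an asymmetric key (e.g. ECDSA P-256).
CRED_KEY = os.urandom(32)

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(auth_data, client_data):
    msg = auth_data + hashlib.sha256(client_data).digest()
    return hmac.new(CRED_KEY, msg, hashlib.sha256).digest()

def client_assertion(page_origin, rp_id, challenge):
    """Browser + authenticator model: the browser, not the page, sets origin."""
    client_data = json.dumps({"type": "webauthn.get", "origin": page_origin,
                              "challenge": b64url(challenge)}).encode()
    # authenticatorData = rpIdHash (32) | flags (user present) | signCount (4)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + bytes(4)
    return client_data, auth_data, sign(auth_data, client_data)

def verify_assertion(client_data, auth_data, sig, challenge):
    """Relying-party checks; any failure rejects the login."""
    if not hmac.compare_digest(sig, sign(auth_data, client_data)):
        return "reject: bad signature"
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "reject: wrong type"
    if cd.get("challenge") != b64url(challenge):
        return "reject: challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "reject: origin mismatch"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "reject: rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "reject: user not present"
    return "accept"

def demo():
    ch = os.urandom(32)                      # challenge issued by the real server
    fake = "login.example-sso.test"          # constructed lookalike host
    real = client_assertion(EXPECTED_ORIGIN, RP_ID, ch)
    relayed = client_assertion("https://" + fake, fake, ch)
    rewritten = (relayed[0].replace(fake.encode(), RP_ID.encode()),) + relayed[1:]
    return [verify_assertion(*a, ch) for a in (real, relayed, rewritten)]

if __name__ == "__main__":
    print(demo())
```

A one-time password or push approval carries no origin field, so the server has nothing equivalent to check when the response arrives through an intermediary.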

Is User Data Safe?

Is user data affected by this incident? There was no evidence that the hacker had accessed sensitive user data. The company hasn't given much context for what that means. It's possible that the hacker could have seen user data, according to security experts that spoke with Gizmodo.

Can it be done? The person said yes. Some of the leaked information appears to show limited access to customer data. What really matters is the extent to which the attacker was able to gain access to customer information. It's not known how much that extent is.

Masson was also in agreement that it was possible. He pointed to the 2016 hack that affected the company, and said that he wouldn't be surprised if that happened again. The impact was terrible. The personal information of over 50 million people was stolen. The company paid the criminals to destroy the data.

What kind of dirt the hacker found on the company's business practices and whether they would know what to look for is the more pertinent question for now.