Judging from screenshots leaked onto Twitter, though, an intruder has compromised Uber’s AWS cloud account and its resources at the administrative level; gained admin control over the corporate Slack workspace as well as its Google G Suite account that has over 1PB of storage in use; has control over Uber’s VMware vSphere deployment and virtual machines; access to internal finance data, such as corporate expenses; and more.
Infosec watcher Corben Leo, meanwhile, said he spoke to the miscreant responsible for this mess, and was told an employee was socially engineered to gain access to Uber’s VPN, through which the intruder scanned the network, found a PowerShell script containing the hardcoded credentials for an administrator user, which were then used to unlock access to all of Uber’s internal cloud and software-as-a-service resources, among other things. After that, everything was at the intruder’s fingertips, allegedly.
From an Uber employee:
Feel free to share but please don’t credit me: at Uber, we got an “URGENT” email from IT security saying to stop using Slack. Now anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message “F*** you wankers.”
netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.