{"id":493738,"date":"2022-09-16T18:24:29","date_gmt":"2022-09-16T15:24:29","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/teenager-hacks-uber-for-fun-threatens-to-leak-source-code-review-geek\/"},"modified":"2022-09-16T18:24:29","modified_gmt":"2022-09-16T15:24:29","slug":"teenager-hacks-uber-for-fun-threatens-to-leak-source-code-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/teenager-hacks-uber-for-fun-threatens-to-leak-source-code-review-geek\/","title":{"rendered":"#Teenager Hacks Uber for Fun, Threatens to Leak Source Code \u2013 Review Geek"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CTeenager_Hacks_Uber_for_Fun_Threatens_to_Leak_Source_Code_%E2%80%93_Review_Geek%E2%80%9D\"><\/span>&#8220;Teenager Hacks Uber for Fun, Threatens to Leak Source Code \u2013 Review Geek&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div id=\"article-content-area\">\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-129855\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2022\/09\/7269932f.png?width=1200\" alt=\"The Uber logo on a big banner.\" width=\"1920\" height=\"1080\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\">NYCStock \/ Shutterstock.com<\/span><\/figcaption><\/figure>\n<p>A hacker appears to have breached Uber\u2019s internal systems, gaining <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/vxunderground\/status\/1570597582417821703\">administrative access<\/a> to its AWS, HackerOne, Google Workspace, Slack, vSphere, and financial accounts. 
The hacker, who claims to be 18 years old, tells <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/technology\/2022\/09\/15\/uber-hack\/\"><em>The Washington Post<\/em><\/a>\u00a0that they may leak Uber\u2019s source code \u201cin a few months.\u201d<\/p>\n<p>Uber is currently <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Uber_Comms\/status\/1570584747071639552\">investigating the breach<\/a> with help from the authorities. It has not commented on the incident, nor has it confirmed the severity of the hack. At the time of writing, we only have information provided by the alleged hacker (who is freely sharing screenshots of Uber\u2019s internal systems) and Uber employees.<\/p>\n<p>The hacker didn\u2019t have much trouble breaking into Uber\u2019s systems. They simply tricked an Uber employee into sharing VPN details. Once the hacker accessed Uber\u2019s VPN, they scanned the company\u2019s intranet and found admin login credentials in a PowerShell script.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Apparently there was an internal network share that contained powershell scripts\u2026<\/p>\n<p>&#8220;One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite&#8221; <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/FhszpxxUEW\">pic.twitter.com\/FhszpxxUEW<\/a><\/p>\n<p>\u2014 Corben Leo (@hacker_) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hacker_\/status\/1570582547415068672?ref_src=twsrc%5Etfw\">September 16, 2022<\/a><\/p>\n<\/blockquote>\n<p>These login credentials unlocked Uber\u2019s internal systems. 
The hacker quickly\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/vxunderground\/status\/1570598055560482817\">leaked Uber\u2019s financial data<\/a>\u00a0and commented on all of its\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/samwcyo\/status\/1570577801790783493\">HackerOne tickets<\/a>. Oddly enough, they also replaced Uber\u2019s internal webpages with photos of genitalia, accompanied by short messages about how Uber employees are \u201cwankers.\u201d So, the teenage hacker is probably British.<\/p>\n<p>The hacker even announced their presence <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/ColtonSeal\/status\/1570596125924794368\/photo\/1\">on Uber\u2019s Slack<\/a>, flatly stating \u201cI am a hacker and Uber has suffered a data breach.\u201d They concluded their message with \u201c#uberunderpaisdrives,\u201d a reference to Uber\u2019s refusal to classify drivers as full-time workers.<\/p>\n<p>Uber employees thought that the Slack message was a joke. They responded with tons of emoji,\u00a0<em>Spongebob<\/em> memes, and the infamous <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/giphy.com\/gifs\/paul-comment-ron-5mBE2MiMVFITS\">\u201cit\u2019s happening\u201d GIF<\/a>.<\/p>\n<p>We still don\u2019t know the full extent of this data breach. But for what it\u2019s worth, it seems that this hacker is more interested in antagonizing Uber leadership than collecting personal data. 
Our main concern is the Uber source code\u2014if it leaks, it will probably reveal new vulnerabilities in Uber\u2019s internal systems.<\/p>\n<p><small>Source: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/technology\/2022\/09\/15\/uber-hack\/\">The Washington Post<\/a><\/small>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.reviewgeek.com\/129854\/teenager-hacks-uber-for-fun-threatens-to-leak-source-code\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Teenager Hacks Uber for Fun, Threatens to Leak Source Code \u2013 Review Geek&#8221; NYCStock \/ Shutterstock.com A hacker appears to have breached Uber\u2019s internal systems, gaining administrative access to its AWS, HackerOne, Google Workspace, Slack, vSphere, and financial accounts. 
The hacker, who claims to be 18 years old, tells The Washington Post\u00a0that they may leak&#8230;<\/p>\n","protected":false},"author":1,"featured_media":493739,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reviewgeek.com\/p\/uploads\/2022\/09\/7269932f.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-493738","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/493738","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=493738"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/493738\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/493739"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=493738"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=493738"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=493738"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}