Uber Hacked

doghouchdoghouch Member
edited September 16 in General

On Twitter (thanks to a user on the LET Discord for posting a link to this tweet):

The platform appears to be borked - I cannot sign in without getting an "Oops! Something went wrong" error. I obviously cannot fully confirm the validity of the information, but given their track record on security, I'm not feeling too good....

Edit: The app still appears to work. Not sure about how Uber is reacting, but I'll take a look in the morning.

Edit #2:

Thanked by 2jar darkimmortal

Comments


  • Very funny to see the slack reacts

    Thanked by 1Daniel15
  • AdvinAdvin Member, Patron Provider
    edited September 16

    Their AWS admin, VMware cluster, and Gsuite admin were also hacked :#
    Looks like they're using 600TB in Google Drive storage and 530TB of Gmail storage meaning that they're a fellow datahoarder/Google abuser :p

    Thanked by 2afn TODO
  • jarjar Member, Patron Provider

    That's great. I spent a lot with Uber over 2 years, tipped drivers incredibly well, and then one night a new driver drove past my house and marked food delivered without stopping. They refused a refund, I filed a chargeback and deleted the app. After that, it's hard for me to do anything but smile at the company for experiencing this.

  • MikeAMikeA Member, Host Rep
    edited September 16

    @jar said:
    That's great. I spent a lot with Uber over 2 years, tipped drivers incredibly well, and then one night a new driver drove past my house and marked food delivered without stopping. They refused a refund, I filed a chargeback and deleted the app. After that, it's hard for me to do anything but smile at the company for experiencing this.

    Uber and competitors (Lyft, DoorDash, etc.) all employ the same bullshit tactics for drivers and users. Drivers get shit pay and the companies rely on the end user to tip, if they tip it covers part of the base pay that they should be paying. Uber in general pays the worst base pay, like $2 for food delivery. All customer support is outsourced and it's a huge PITA to get someone to do something other than press one of two buttons that's detailed in their training. Are you a customer buying food and you get scammed? Well hope you get lucky with an outsourced support rep who is just getting through their shift and gives you a refund without caring. Are you a driver who gets scammed by a customer lying? Well you hope you don't get deactivated and your pending pay stolen from you.

    These companies deserve what they get.

    Thanked by 3jar bikegremlin netomx
  • Wow, that's an uber-hack.

    Thanked by 2vyas11 yoursunny
  • jbilohjbiloh Administrator

    Wow that's a very ugly compromise. Seems like it could take a day or longer for them to recover.

  • BingoBongoBingoBongo Member
    edited September 16

    @jar said:
    That's great. I spent a lot with Uber over 2 years, tipped drivers incredibly well, and then one night a new driver drove past my house and marked food delivered without stopping. They refused a refund, I filed a chargeback and deleted the app. After that, it's hard for me to do anything but smile at the company for experiencing this.

    Experienced almost similar situation here in India but they did refund me..

    For their Cab service, it's worse here.. Drivers cancel bookings on their own whenever they feel they will not get booking from my locality (I live in outskirts) when they return after dropping me.. so it's frustrating and have to wait for long to get a driver

    Thanked by 1jar
  • BlaZeBlaZe Member, Host Rep

    @BingoBongo said:
    Experienced almost similar situation here in India but they did refund me..

    For their Cab service, it's worse here.. Drivers cancel bookings on their own whenever they feel they will not get booking from my locality (I live in outskirts) when they return after dropping me.. so it's frustrating and have to wait for long to get a driver

    I uninstalled Uber in 2019 when I was shown 4x fare charges for the same trip when compared to Ola.

    Also, Ola has been far more reliable than Uber, at least in Mumbai - and going back & forth to nearby cities.

    Uber went public and most of the PE/VCs made their money back. The only losers will be the retail investors who bought Uber stocks and the drivers+users.

  • I never liked the service.

    It was promoted as "new, inventive" by many "tech. people/journalists," but it basically is and always has been a way to have people working for cheap, and taking a cut from their earnings (by the company owners).

    Along with being a sneaky competition to any taxi services striving towards allowing the drivers to make a decent pay.

    Fuck Uber!

  • jackbjackb Member, Host Rep
    edited September 16

    @bikegremlin said:
    Along with being a sneaky competition to any taxi services striving towards allowing the drivers to make a decent pay.

    Fuck Uber!

    Where I am - Uber's existence pushed taxi drivers to modernise -- accepting card payments and even larger taxi firms having their own apps for booking; whereas previously you had to phone to book and pay in cash.

    The taxis ended up more reliable, almost as convenient and sometimes even cheaper; so I deleted Uber years ago.

  • defaultdefault Member
    edited September 16

    @jackb said:

    @bikegremlin said:
    Along with being a sneaky competition to any taxi services striving towards allowing the drivers to make a decent pay.

    Fuck Uber!

    Where I am - Uber's existence pushed taxi drivers to modernise -- accepting card payments and even larger taxi firms having their own apps for booking; whereas previously you had to phone to book and pay in cash.

    The taxis ended up more reliable, almost as convenient and sometimes even cheaper; so I deleted Uber years ago.

    True. Taxi drivers got more modernised and more serious (for example by not taking longer routes for more money). This happened precisely because of Uber's existence which was cheaper and with routes calculated on app.

    I believe Uber played an important role in improving Taxi drivers, simply because it added some competition to the market. Now (as it is also hacked) it might be a good time for Uber to see impressions and rethink its position.

  • afnafn Member
    edited September 16

    @jar said: They refused a refund, I filed a chargeback and deleted the app.

    I was refused a refund once too and I am boycotting the app for a dick move the support did with me.

    Can't say I feel great about the hack because well... it is our data that is stolen...

    So should one change the card associated with uber? :open_mouth:

    Thanked by 1jar
  • MikePTMikePT Member, Moderator, Patron Provider

    Phil Lee, Sr. Security Technologist, Uber

    Will be looking for a new job soon.

  • @jackb said:

    @bikegremlin said:
    Along with being a sneaky competition to any taxi services striving towards allowing the drivers to make a decent pay.

    Fuck Uber!

    Where I am - Uber's existence pushed taxi drivers to modernise -- accepting card payments and even larger taxi firms having their own apps for booking; whereas previously you had to phone to book and pay in cash.

    The taxis ended up more reliable, almost as convenient and sometimes even cheaper; so I deleted Uber years ago.

    I see it as a nonsense, and bad in the long run, but I understand that most people don't look very far ahead (or at least not as pessimistically).

  • MikePTMikePT Member, Moderator, Patron Provider

    @jbiloh said:
    Wow that's a very ugly compromise. Seems like it could take a day or longer for them to recover.

    A day?

    Jon, come on.
    This'll take them a month to make sure every access will be secured.

    Thanked by 1netomx
  • vyas11vyas11 Member
    edited September 16

    @MikePT said:
    Phil Lee, Sr. Security Technologist, Uber

    Will be looking for a new job soon.

    Not the greatest of track record for a previous person in similar role.

    The former Chief Security Officer of Uber is facing wire fraud charges over allegations that he covered up a data breach that saw hackers steal the records of 57 million passengers and drivers.

    https://www.bitdefender.com/blog/hotforsecurity/ubers-former-head-of-security-faces-fraud-charges-after-allegedly-covering-up-data-breach/

    Edit:
    Looking at the screenshots on Twitter e.g.

    Is it typical for a "hacker" to use a Windows machine? Or are they using it for PR? So many thoughts of hacker persona came to mind when I saw the pictures. (Following the discussion in the link posted by @doghouch in OP)

    Thanked by 2bikegremlin MikePT
  • jmgcaguiclajmgcaguicla Member
    edited September 16

    That's a lot of compute, should've just kept quiet about breaching, mooched off the hardware, and started a summerhost instead.

  • MikePTMikePT Member, Moderator, Patron Provider

    @jar said:
    That's great. I spent a lot with Uber over 2 years, tipped drivers incredibly well, and then one night a new driver drove past my house and marked food delivered without stopping. They refused a refund, I filed a chargeback and deleted the app. After that, it's hard for me to do anything but smile at the company for experiencing this.

    Have you noticed their new fees?

    Delivery fees, service fee, plus they take 25% (or less) from the restaurants in every single order in Uber Eats. It's ridiculous.

    Thanked by 4yoursunny jar afn netomx
  • MikePTMikePT Member, Moderator, Patron Provider

    @vyas11 said:

    @MikePT said:
    Phil Lee, Sr. Security Technologist, Uber

    Will be looking for a new job soon.

    Not the greatest of track record for a previous person in similar role.

    The former Chief Security Officer of Uber is facing wire fraud charges over allegations that he covered up a data breach that saw hackers steal the records of 57 million passengers and drivers.

    https://www.bitdefender.com/blog/hotforsecurity/ubers-former-head-of-security-faces-fraud-charges-after-allegedly-covering-up-data-breach/

    Edit:
    Looking at the screenshots on Twitter e.g.

    Is it typical for a "hacker" to use a Windows machine? Or are they using it for PR? So many thoughts of hacker persona came to mind when I saw the pictures. (Following the discussion in the link posted by @doghouch in OP)

    I was not aware of this.

    It's their fault, hiring amateurs, by the looks of it.

  • MikePTMikePT Member, Moderator, Patron Provider

    Seriously.

  • Uber is one of the tech startups that contributed most negatively to the society. What goes around comes around...

    Thanked by 1bikegremlin
  • @Tony40 said:
    Uber apparently hacked by teen, employees thought it was a joke

    https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell

    Multiple times while reading that I said under my breath "FEWER memes".

    Thanked by 1bikegremlin
  • yoursunnyyoursunny Member, IPv6 Advocate

    @MikePT said:
    Have you noticed their new fees?

    Delivery fees, service fee, plus they take 25% (or less) from the restaurants in every single order in Uber Eats. It's ridiculous.

    Waiting for cybersecurity surcharge.

    Nowadays I can only afford Uber Eats when they have 40% off promotion.
    Then the final price would roughly equal in-restaurant price.

  • emgemg Member

    @MikePT said:
    Phil Lee, Sr. Security Technologist, Uber

    Will be looking for a new job soon.

    Peiter Zatko has prior CSO experience with a large tech company. He is probably available as a suitable replacement. :-)

    Thanked by 1MikePT
  • MikePTMikePT Member, Moderator, Patron Provider

    @yoursunny said:

    @MikePT said:
    Have you noticed their new fees?

    Delivery fees, service fee, plus they take 25% (or less) from the restaurants in every single order in Uber Eats. It's ridiculous.

    Waiting for cybersecurity surcharge.

    Nowadays I can only afford Uber Eats when they have 40% off promotion.
    Then the final price would roughly equal in-restaurant price.

    Same here.

    Oh, hell no, in regards to the final price, it's way more expensive than going to the restaurant.

    Base commission is 25% to the restaurants, so now the restaurants increase their pricing by at least 25%, then we have the delivery fee, plus a new service fee. It ends up very costly. Sometimes even more expensive than the food you're buying.

    @emg said:

    @MikePT said:
    Phil Lee, Sr. Security Technologist, Uber

    Will be looking for a new job soon.

    Peiter Zatko has prior CSO experience with a large tech company. He is probably available as a suitable replacement. :-)

    I think anyone would be a better fit IMO. There are comments around saying that the Security guy got a social engineered call asking him to accept the MFA requests lol.

  • jbilohjbiloh Administrator

    @MikePT said:

    @jbiloh said:
    Wow that's a very ugly compromise. Seems like it could take a day or longer for them to recover.

    A day?

    Jon, come on.
    This'll take them a month to make sure every access will be secured.

    By "a day" I meant it could take the Uber service offline for a day -- not that a full recovery would take only a day.

    Thanked by 1MikePT
  • emgemg Member

    @emg said:

    Peiter Zatko has prior CSO experience with a large tech company. He is probably available as a suitable replacement. :-)

    @MikePT said:

    I think anyone would be a better fit IMO. There are comments around saying that the Security guy got a social engineered call asking him to accept the MFA requests lol.

    Ouch. His next security job will involve regular nightly patrols, circling an Uber data center in North Dakota. :-(

    We should pause for a moment to pray that we survive our own careers without making an equally awkward mistake.

    Thanked by 1MikePT
  • @Tony40 said:
    Uber apparently hacked by teen, employees thought it was a joke

    https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell

    best part is having plaintext credentials on an NFS/samba share openly available on the company's intranet lol

  • ChuckChuck Member
    edited September 16

    "Your trust is a top priority for uber, and we deeply regret the inconvenience this may cause. The privacy and protection of our guests' information is a matter we take very seriously and we have worked swiftly to resolve the incident."

    :) .

    feel free to copy and paste on your statement uber shit.
