Uber Hacked
On Twitter (thanks a user on the LET Discord for posting a link to this tweet):
The platform appears to be borked - I cannot sign in without getting an "Oops! Something went wrong" error. I obviously cannot fully confirm the validity of the information, but given their track record on security, I'm not feeling too good....
Edit: The app still appears to work. Not sure about how Uber is reacting, but I'll take a look in the morning.
Edit #2:
Comments
Very funny to see the slack reacts
Their AWS admin, VMware cluster, and Gsuite admin were also hacked
Looks like they're using 600TB in Google Drive storage and 530TB of Gmail storage meaning that they're a fellow datahoarder/Google abuser
That's great. I spent a lot with Uber over 2 years, tipped drivers incredibly well, and then one night a new driver drove past my house and marked food delivered without stopping. They refused a refund, I filed a chargeback and deleted the app. After that, it's hard for me to do anything but smile at the company for experiencing this.
Uber and competitors (Lyft, DoorDash, etc.) all employ the same bullshit tactics for drivers and users. Drivers get shit pay and the companies rely on the end user to tip, if they tip it covers part of the base pay that they should be paying. Uber in general pays the worst base pay, like $2 for food delivery. All customer support is outsourced and it's a huge PITA to get someone to do something other than press one of two buttons that's detailed in their training. Are you a customer buying food and you get scammed? Well hope you get lucky with an outsourced support rep who is just getting through their shift and gives you a refund without caring. Are you a driver who gets scammed by a customer lying? Well you hope you don't get deactivated and your pending pay stolen from you.
These companies deserve what they get.
Wow, that's an uber-hack.
Wow that's a very ugly compromise. Seems like it could take a day or longer for them to recover.
Experienced almost similar situation here in India but they did refund me..
For their Cab service, it's worse here.. Drivers cancel bookings on their own whenever they feel they will not get booking from my locality (I live in outskirts) when they return after dropping me.. so it's frustrating and have to wait for long to get a driver
I uninstalled Uber in 2019 when I was shown 4x fare charges for the same trip when compared to Ola.
Also, Ola has been far more reliable than Uber, at least in Mumbai - and going back & forth to nearby cities.
Uber went public and most of the PE/VCs made their money back. The only losers will be the retail investors who bought Uber stocks and the drivers+users.
I never liked the service.
It was promoted as "new, inventive" by many "tech. people/journalists," but it basically is and always has been a way to have people working for cheap, and taking a cut from their earnings (by the company owners).
Along with being a sneaky competition to any taxi services striving towards allowing the drivers to make a decent pay.
Fuck Uber!
Where I am - Uber's existence pushed taxi drivers to modernise -- accepting card payments and even larger taxi firms having their own apps for booking; whereas previously you had to phone to book and pay in cash.
The taxis ended up more reliable, almost as convenient and sometimes even cheaper; so I deleted Uber years ago.
True. Taxi drivers got more modernised and more serious (for example by not taking longer routes for more money). This happened precisely because of Uber's existence which was cheaper and with routes calculated on app.
I believe Uber played an important role in improving Taxi drivers, simply because it added some competition to the market. Now (as it is also hacked) it might be a good time for Uber to see impressions and rethink its position.
I was refused a refund once too and I am boycotting the app for a dick move the support did with me.
Can't say I feel great about the hack because well... it is our data that is stolen...
So should one change the card associated with uber?
Phil Lee, Sr. Security Technologist, Uber
Will be looking for a new job soon.
I see it as nonsense, and bad in the long run, but I understand that most people don't look very far ahead (or at least not as pessimistically).
A day?
Jon, come on.
This'll take them a month to make sure every access will be secured.
Not the greatest of track records for a previous person in a similar role.
https://www.bitdefender.com/blog/hotforsecurity/ubers-former-head-of-security-faces-fraud-charges-after-allegedly-covering-up-data-breach/
Edit:
Looking at the screenshots on Twitter e.g.
Is it typical for a "hacker" to use a Windows machine? Or are they using it for PR? So many thoughts of hacker persona came to mind when I saw the pictures. (Following the discussion in the link posted by @doghouch in OP)
That's a lot of compute, should've just kept quiet about breaching, mooched off the hardware, and started a summerhost instead.
Uber apparently hacked by teen, employees thought it was a joke
https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell
Have you noticed their new fees?
Delivery fees, service fee, plus they take 25% (or less) from the restaurants in every single order in Uber Eats. It's ridiculous.
I was not aware of this.
It's their fault, hiring amateurs, by the looks of it.
Seriously.
Uber is one of the tech startups that contributed most negatively to the society. What goes around comes around...
Multiple times while reading that I said under my breath "FEWER memes".
Waiting for cybersecurity surcharge.
Nowadays I can only afford Uber Eats when they have 40% off promotion.
Then the final price would roughly equal in-restaurant price.
Peiter Zatko has prior CSO experience with a large tech company. He is probably available as a suitable replacement. :-)
Same here.
Oh, hell no, in regards to the final price, it's way more expensive than going to the restaurant.
Base commission is 25% to the restaurants, so now the restaurants increase their pricing by at least 25%, then we have the delivery fee, plus a new service fee. It ends up very costly. Sometimes even more expensive than the food you're buying.
I think anyone would be a better fit IMO. There are comments around saying that the Security guy got a social engineered call asking him to accept the MFA requests lol.
By "a day" I meant it could take the Uber service offline for a day -- not that a full recovery would take only a day.
Ouch. His next security job will involve regular nightly patrols, circling an Uber data center in North Dakota. :-(
We should pause for a moment to pray that we survive our own careers without making an equally awkward mistake.
best part is having plaintext credentials on an NFS/Samba share openly available on the company's intranet lol
"Your trust is a top priority for uber, and we deeply regret the inconvenience this may cause. The privacy and protection of our guests' information is a matter we take very seriously and we have worked swiftly to resolve the incident."
feel free to copy and paste on your statement uber shit.