DISSECTING THE UBER SECURITY BREACH: ROOT CAUSE ANALYSIS AND MITIGATION STRATEGIES

Authors

  • Ujjwal Sharma Cyber Security Architect, Production Technology, SLB, India. Author
  • Samruddhi Mangesh Kalekar Technical Business Analyst, SAP, SLB, India. Author

Keywords:

Uber, Social Engineering, PAM, Hardcoded Credential, Data Exfiltration

Abstract

On Thursday, September 15th, 2022, Uber, an American multinational ride-share company, confirmed reports of an organization-wide cybersecurity breach. This concerns how an (allegedly) 18-year-old attacker could hack the ridesharing giant’s IT infrastructure, acquire access to user data, and access vulnerabilities reported to Uber’s HackerOne account. It’s important to note that a single technology solution could not have avoided this breach, nor was it that a single person, company, or provider was to blame. Building on CyberArk Red Team and Labs ‘analysis, let’s delve deeper into the Uber hack, particularly the hard-coded credentials that were reportedly used to gain administrative access. This incident underscores the criticality of stacked defenses, showing how they can effectively collaborate to thwart related attacks. This should instill confidence in our ability to mitigate such breaches in the future, knowing that we have a robust system in place.

References

Uber Newsroom Security update https://www.uber.com/newsroom/security-update/

Uber Users: What You Need to Know About Last Month’s Data Breach https://www.bu.edu/articles/2022/what-you-need-to-know-about-uber-data-breach/#:~:text=Last%20month%2C%20the%20internal%20databases,measures%20made%20the%20breach%20possible

Uber Breach 2022 – Everything You Need to Know https://blog.gitguardian.com/uber-breach-2022/

Case Study: Critical Controls that Sony Should Have Implemented https://sansorg.egnyte.com/dl/xZ10arL86x

Sharma, U. and Kalekar, S.M., Most Prominent Pandemics of Cyber Viruses.

Most Prominent Pandemics of Cyber Viruses - Ujjwal Sharma, Samruddhi Mangesh Kalekar - IJFMR Volume 6, Issue 3, May-June 2024. DOI 10.36948/ijfmr.2024.v06i03.22089

CyberArk Blog Team (2022). Unpacking the Uber Breach. [online] www.cyberark.com. Available at: https://www.cyberark.com/resources/blog/unpacking-the-uber-breach

Golandaz, A. and Sharma, U., IoT Under Siege: The Dark Side of Internet Connected Devices.

IoT Under Siege: The Dark Side of Internet-Connected Devices - Aamerkhan Golandaz, Ujjwal Sharma - IJFMR Volume 6, Issue 3, May-June 2024. DOI 10.36948/ijfmr.2024.v06i03.22797

Downloads

Published

2024-08-24

Issue

Vol. 15 No. 4 (2024): International Journal of Computer Engineering and Technology (IJCET)

Section

Articles