www.talentcanada.ca
Open in
urlscan Pro
50.56.2.116
Public Scan
Submitted URL: https://t.co/9y4NGNbsID
Effective URL: https://www.talentcanada.ca/uber-says-services-operational-after-employee-tricked-in-a-major-data-breach/
Submission: On September 19 via api from CA — Scanned from CA
Effective URL: https://www.talentcanada.ca/uber-says-services-operational-after-employee-tricked-in-a-major-data-breach/
Submission: On September 19 via api from CA — Scanned from CA
Form analysis 5 forms found in the DOM
<form autocomplete="off" aria-label="Ajax search form">
<input aria-label="Search input" type="search" class="orig" name="phrase" placeholder="Search.." value="" autocomplete="off">
<input aria-label="Autocomplete input, do not use this" type="text" class="autocomplete" name="phrase" value="" autocomplete="off">
<input type="submit" value="Start search" style="width:0; height: 0; visibility: hidden;">
</form>Name: options —
<form name="options" autocomplete="off">
<input type="hidden" name="filters_changed" style="display:none;" value="0">
<input type="hidden" name="filters_initial" style="display:none;" value="1">
<div class="asl_option_inner hiddend">
<input type="hidden" name="qtranslate_lang" id="qtranslate_lang1" value="0">
</div>
<fieldset class="asl_sett_scroll">
<legend style="display: none;">Generic selectors</legend>
<div class="asl_option">
<div class="asl_option_inner">
<input type="checkbox" value="exact" id="set_exactonly1" title="Exact matches only" name="asl_gen[]" checked="checked">
<label for="set_exactonly1">Exact matches only</label>
</div>
<div class="asl_option_label"> Exact matches only</div>
</div>
<div class="asl_option">
<div class="asl_option_inner">
<input type="checkbox" value="title" id="set_intitle1" title="Search in title" name="asl_gen[]" checked="checked">
<label for="set_intitle1">Search in title</label>
</div>
<div class="asl_option_label"> Search in title</div>
</div>
<div class="asl_option asl-o-last">
<div class="asl_option_inner">
<input type="checkbox" value="content" id="set_incontent1" title="Search in content" name="asl_gen[]">
<label for="set_incontent1">Search in content</label>
</div>
<div class="asl_option_label"> Search in content</div>
</div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="excerpt" id="set_inexcerpt1" title="Search in excerpt" name="asl_gen[]">
<label for="set_inexcerpt1">Search in excerpt</label>
</div>
</fieldset>
<fieldset class="asl_sett_scroll">
<legend style="display: none;">Post Type Selectors</legend>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="post" id="1customset_11" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="1customset_11">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="page" id="1customset_12" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="1customset_12">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="virtual-event" id="1customset_13" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="1customset_13">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="ve-sponsor" id="1customset_14" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="1customset_14">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="ve-agenda-sponsor" id="1customset_15" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="1customset_15">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="product-demo" id="1customset_16" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="1customset_16">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="podcast" id="1customset_17" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="1customset_17">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="ve-agenda" id="1customset_18" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="1customset_18">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
</fieldset>
</form><form autocomplete="off" aria-label="Ajax search form">
<input aria-label="Search input" type="search" class="orig" name="phrase" placeholder="Search.." value="" autocomplete="off">
<input aria-label="Autocomplete input, do not use this" type="text" class="autocomplete" name="phrase" value="" autocomplete="off">
<input type="submit" value="Start search" style="width:0; height: 0; visibility: hidden;">
</form>Name: options —
<form name="options" autocomplete="off">
<input type="hidden" name="filters_changed" style="display:none;" value="0">
<input type="hidden" name="filters_initial" style="display:none;" value="1">
<div class="asl_option_inner hiddend">
<input type="hidden" name="qtranslate_lang" id="qtranslate_lang2" value="0">
</div>
<fieldset class="asl_sett_scroll">
<legend style="display: none;">Generic selectors</legend>
<div class="asl_option">
<div class="asl_option_inner">
<input type="checkbox" value="exact" id="set_exactonly2" title="Exact matches only" name="asl_gen[]" checked="checked">
<label for="set_exactonly2">Exact matches only</label>
</div>
<div class="asl_option_label"> Exact matches only</div>
</div>
<div class="asl_option">
<div class="asl_option_inner">
<input type="checkbox" value="title" id="set_intitle2" title="Search in title" name="asl_gen[]" checked="checked">
<label for="set_intitle2">Search in title</label>
</div>
<div class="asl_option_label"> Search in title</div>
</div>
<div class="asl_option asl-o-last">
<div class="asl_option_inner">
<input type="checkbox" value="content" id="set_incontent2" title="Search in content" name="asl_gen[]">
<label for="set_incontent2">Search in content</label>
</div>
<div class="asl_option_label"> Search in content</div>
</div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="excerpt" id="set_inexcerpt2" title="Search in excerpt" name="asl_gen[]">
<label for="set_inexcerpt2">Search in excerpt</label>
</div>
</fieldset>
<fieldset class="asl_sett_scroll">
<legend style="display: none;">Post Type Selectors</legend>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="post" id="2customset_21" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="2customset_21">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="page" id="2customset_22" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="2customset_22">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="virtual-event" id="2customset_23" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="2customset_23">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="ve-sponsor" id="2customset_24" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="2customset_24">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="ve-agenda-sponsor" id="2customset_25" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="2customset_25">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="product-demo" id="2customset_26" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="2customset_26">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="podcast" id="2customset_27" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="2customset_27">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
<div class="asl_option_inner hiddend">
<input type="checkbox" value="ve-agenda" id="2customset_28" title="Hidden option, ignore please" name="customset[]" checked="checked">
<label for="2customset_28">Hidden</label>
</div>
<div class="asl_option_label hiddend"></div>
</fieldset>
</form>POST /uber-says-services-operational-after-employee-tricked-in-a-major-data-breach/#gf_25
<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_25" id="gform_25" class="gpoll_enabled gpoll_show_results_link gpoll_block_repeat_voters gpoll gform_legacy_markup"
action="/uber-says-services-operational-after-employee-tricked-in-a-major-data-breach/#gf_25">
<div class="gform_body gform-body">
<ul id="gform_fields_25" class="gform_fields top_label form_sublabel_below description_below">
<li id="field_25_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible gpoll_field" data-field-class="gpoll_field" data-js-reload="field_25_1"><label class="gfield_label">You can only
pick one: Of the following perks, which is most effective at retaining employees?<span class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
<div class="ginput_container ginput_container_radio">
<ul class="gfield_radio" id="input_25_1">
<li class="gchoice gchoice_25_1_0">
<input name="input_1" type="radio" value="gpoll15bba992f" id="choice_25_1_0">
<label for="choice_25_1_0" id="label_25_1_0">4-day work week</label>
</li>
<li class="gchoice gchoice_25_1_1">
<input name="input_1" type="radio" value="gpoll1ce9fdb5a" id="choice_25_1_1">
<label for="choice_25_1_1" id="label_25_1_1">Flexible working hours</label>
</li>
<li class="gchoice gchoice_25_1_2">
<input name="input_1" type="radio" value="gpoll190c5a50f" id="choice_25_1_2">
<label for="choice_25_1_2" id="label_25_1_2">Work from home</label>
</li>
<li class="gchoice gchoice_25_1_3">
<input name="input_1" type="radio" value="gpoll1e0c07374" id="choice_25_1_3">
<label for="choice_25_1_3" id="label_25_1_3">Unlimited paid vacation</label>
</li>
<li class="gchoice gchoice_25_1_4">
<input name="input_1" type="radio" value="gpoll10b7ec0ba" id="choice_25_1_4">
<label for="choice_25_1_4" id="label_25_1_4">Higher compensation</label>
</li>
<li class="gchoice gchoice_25_1_5">
<input name="input_1" type="radio" value="gpoll1466bfab9" id="choice_25_1_5">
<label for="choice_25_1_5" id="label_25_1_5">Great workplace culture</label>
</li>
</ul>
</div>
</li>
</ul>
</div>
<div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_25" class="gform_button button" value="Submit" onclick="if(window["gf_submitting_25"]){return false;} window["gf_submitting_25"]=true; "
onkeypress="if( event.keyCode == 13 ){ if(window["gf_submitting_25"]){return false;} window["gf_submitting_25"]=true; jQuery("#gform_25").trigger("submit",[true]); }"> <input type="hidden"
name="gform_ajax" value="form_id=25&title=&description=&tabindex=0">
<input type="hidden" class="gform_hidden" name="is_submit_25" value="1">
<input type="hidden" class="gform_hidden" name="gform_submit" value="25">
<input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
<input type="hidden" class="gform_hidden" name="state_25" value="WyJbXSIsIjJjZDI2ZGVjNjRiMDU4OTgwMDYxODE1YWVjYTU1NjEyIl0=">
<input type="hidden" class="gform_hidden" name="gform_target_page_number_25" id="gform_target_page_number_25" value="0">
<input type="hidden" class="gform_hidden" name="gform_source_page_number_25" id="gform_source_page_number_25" value="1">
<input type="hidden" name="gform_field_values" value=""><a href="javascript:void(0)" class="gpoll_button">View results</a>
<div class="gpoll_summary"></div>
</div>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="1663611234028">
<script>
document.getElementById("ak_js_1").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>Text Content
COVID-19 UPDATES:
Subscribe
Subscribe
Generic selectors
Exact matches only
Exact matches only
Search in title
Search in title
Search in content
Search in content
Search in excerpt
Post Type Selectors
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
* Menu
* News
* Features
* Columns/Blogs
* Podcasts
* Roundtables
* Events
* Virtual Events
* Events Calendar
* Awards
* Psychologically Safe Workplace Awards
* Info
* Digital Edition
* About Talent Canada
* Advertise
* Contact
Generic selectors
Exact matches only
Exact matches only
Search in title
Search in title
Search in content
Search in content
Search in excerpt
Post Type Selectors
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
×
EXPLORE
* Accommodation/Return-to-work
* Background Screening
* Benefits & Pensions
* Bullying
* Cannabis, Alcohol & Addictions
* Compensation
* Corporate Social Responsibility
* Diversity & Inclusion
* Employee Vacation
* Future of Work
* Employee Wellness
* Engagement
* Federal and Provincial Budgets
* Gig Economy
* Global HR News
* Health & Safety
* HR News
* HR Technology
* Job Creation
* Job Cuts
* Labour Relations
* Learning & Development
* Legal
* Legislation
* Managing/Leadership
* Mental Health
* Offbeat Workplace News
* Politics
* Recognition
* Recruitment
* Relocation
* Retention
* Sexual Harassment
* Workforce Statistics
* Workplace Legislation
* Workplace Violence
* Young Workers
* Digital Edition
* Digital Editon Archives
* Podcasts
NEWS HR TECHNOLOGY
UBER SAYS SERVICES OPERATIONAL AFTER EMPLOYEE TRICKED IN A ‘MAJOR DATA BREACH’
September 16, 2022
By The Associated Press
(Kaspars Grinvalds/Adobe Stock)
BY FRANK BAJAK
The ride-hailing service Uber said Friday that all its services are operational
following what security professionals were calling a major data breach. It said
there was no evidence the hacker got access to sensitive user data.
What appeared to be a lone hacker announced the breach on Thursday after
apparently tricking an Uber employee into providing credentials.
Screenshots the hacker shared with security researchers indicate this person
obtained full access to the cloud-based systems where Uber stores sensitive
customer and financial data.
It is not known how much data the hacker stole or how long they were inside
Uber’s network. Two researchers who communicated directly with the person — who
self-identified as an 18-year-old to one of them — said they appeared interested
in publicity. There was no indication they destroyed data.
Advertisement
But files shared with the researchers and posted widely on Twitter and other
social media indicated the hacker was able to access Uber’s most crucial
internal systems.
> “It was really bad the access he had. It’s awful,” said Corbin Leo, one of the
> researchers who chatted with the hacker online.
He said screenshots the person shared showed the intruder got access to systems
stored on Amazon and Google cloud-based servers where Uber keeps source code,
financial data and customer data such as driver’s licenses.
“If he had keys to the kingdom he could start stopping services. He could delete
stuff. He could download customer data, change people’s passwords,” said Leo, a
researcher and head of business development at the security company Zellic.
HACKER ANNOUNCED BREACH ON INTERNAL SLACK CHANNEL
Screenshots the hacker shared — many of which found their way online — showed
they had accessed sensitive financial data and internal databases. Among them
was one in which the hacker announced the breach on Uber’s internal Slack
collaboration system.
Sam Curry, an engineer with Yuga Labs who also communicated with the hacker,
said there was no indication that the hacker had done any damage or was
interested in anything more than publicity.
> “My gut feeling is that it seems like they are out to get as much attention as
> possible.”
Curry said he spoke to several Uber employees Thursday who said they were
“working to lock down everything internally” to restrict the hacker’s access.
That included the San Francisco company’s Slack network, he said.
SYSTEMS SHUT DOWN AS A PRECAUTION
In a statement posted online Friday, Uber said “internal software tools that we
took down as a precaution yesterday are coming back online.”
It said all its services — including Uber Eats and Uber Freight — were
operational.
The company did not respond to questions from The Associated Press including
about whether the hacker gained access to customer data and if that data was
stored encrypted. The company said there was no evidence that the intruder
accessed “sensitive user data” such as trip history.
Curry and Leo said the hacker did not indicate how much data was copied. Uber
did not recommend any specific actions for its users, such as changing
passwords.
BUG-BOUNTY PROGRAM
The hacker alerted the researchers to the intrusion Thursday by using an
internal Uber account on the company’s network used to post vulnerabilities
identified through its bug-bounty program, which pays ethical hackers to ferret
out network weaknesses.
After commenting on those posts, the hacker provided a Telegram account address.
Curry and other researchers then engaged them in a separate conversation, where
the intruder provided screenshots of various pages from Uber’s cloud providers
to prove they broke in.
The AP attempted to contact the hacker at the Telegram account, but received no
response.
Screenshots posted on Twitter appeared to confirm what the researchers said the
hacker claimed: That they obtained privileged access to Uber’s most critical
systems through social engineering. Effectively, the hacker discovered the
password of an Uber employee. Then, posing as a fellow worker, the hacker
bombarded the employee with text messages asking them to confirm that they had
logged into their account. Ultimately, the employee caved and provided a
two-factor authentication code the hacker used to log in.
Social engineering is a popular hacking strategy, as humans tend to be the
weakest link in any network. Teenagers used it in 2020 to hack Twitter and it
has more recently been used in hacks of the tech companies Twilio and
Cloudflare.
Uber has been hacked before.
Its former chief security officer, Joseph Sullivan, is currently on trial for
allegedly arranging to pay hackers $100,000 to cover up a 2016 high-tech heist
in which the personal information of about 57 million customers and drivers was
stolen.
--------------------------------------------------------------------------------
Print this page
*
*
* Share
ADVERTISEMENT
Stories continue below
Related
Secure those devices: Apple warns of security flaw for iPhones, iPads and Macs
CPA Canada hit by cyberattack, affecting data of more than 329,000 stakeholders
Experts worried about extent of damage to N.L. health system following
cyberattack
Parts of National Research Council website down due to unspecified ‘cyber
incident’
Tags
* Cybersecurity
* Hacking
* Phishing
* Uber
Editor’s Picks
* BEST WORKPLACE SAFETY PRACTICES IN CANADA HONOURED AT GALA CELEBRATION
* BOARDS OF DIRECTORS, NOT GOVERNMENTS, MUST PREVENT SCANDALS LIKE HOCKEY
CANADA’S
* PUTTING THE ‘WORK FROM ANYWHERE’ PHILOSOPHY TO THE TEST IN THE LAND OF
SOCRATES
* GREY HAIR: FINE FOR GEORGE CLOONEY BUT NOT LISA LAFLAMME?
* ‘QUIET QUITTING’: A NEW LABEL, NOT A NEW PHENOMENON
Poll
* You can only pick one: Of the following perks, which is most effective at
retaining employees?*
* 4-day work week
* Flexible working hours
* Work from home
* Unlimited paid vacation
* Higher compensation
* Great workplace culture
View results
Δ
Digital Edition
* VIEW DIGITAL EDITION
* ARCHIVES
* SUBSCRIPTION CENTRE
* Best workplace safety practices in Canada honoured at gala celebration
* Migrants across Canada call on Ottawa for action on regularization, permanent
status
From the Bookstore
LEADING AT A DISTANCE: PRACTICAL LESSONS FOR VIRTUAL SUCCESS
$35.99
TRUST YOUR CANARY
$21.00
TOXIC
$39.99
RESPECT ON-THE-GO™ TOOLKIT FOR LEADERS
$54.00
A QUESTION OF LEADERSHIP
$36.50
CORPORATIONS COMPASSION CULTURE: LEADING YOUR BUSINESS TOWARD DIVERSITY, EQUITY,
AND INCLUSION
$35.99
--------------------------------------------------------------------------------
* Advertise
* Contact
* About Talent Canada
TRENDING
* QUEEN’S PASSING MIGHT MEAN A NATIONAL HOLIDAY IN CANADA
* ‘QUIET QUITTING’ AN OPPORTUNITY FOR EMPLOYERS TO HELP RESHAPE THE WORKPLACE
* SEPT. 19 WILL BE FEDERAL HOLIDAY FOR QUEEN’S FUNERAL: TRUDEAU
* ‘TRAVEL LIKE IT’S 2019’: U.S., CROSS-BORDER ADVOCATES CALLS ON TRUDEAU TO
SCRAP ARRIVECAN APP
* REMOTE WORK DEBATE INTENSIFIES AS COMPANIES MANDATE RETURN TO OFFICE AFTER
LABOUR DAY
* ‘QUIET QUITTING’: A NEW LABEL, NOT A NEW PHENOMENON
* SECOND SHOOTING SCENE IN DEATH OF TORONTO COP WAS PERPETRATOR’S WORKPLACE:
REPORTS
* ONTARIO DROPS FIVE-DAY ISOLATION GUIDELINE FOR COVID-19
* PUTTING THE ‘WORK FROM ANYWHERE’ PHILOSOPHY TO THE TEST IN THE LAND OF
SOCRATES
* ALLEGING JUST CAUSE? DAMAGES FOR LOST WAGES COULD RUN FOR DECADES, SHOWS CP
RAIL RULING
SOCIAL MEDIA
*
*
*
Retweet on Twitter Talent Canada Retweeted
16 Sep
@WorkSafeBC has issued a record penalty of more than $700,000 against GFL
Environmental for workers not wearing proper PPE when dealing with asbestos.
It's the highest penalty it has ever administered.
https://www.ohscanada.com/asbestos-violation-leads-to-record... #OHS #Asbestos
#WorkSafeBC
16 Sep
Uber employee tricked in a major data breach, but company says everything is
operational https://www.talentcanada.ca/uber-says-services-operational-a... #HR
#Hacking #Phishing #Cybersecurity
16 Sep
Congratulations to Ty Arslan, winner of OHS Professional of the Year at OHS
Honours! https://www.ohscanada.com/features/ty-arslan-ohs-professiona...
#OHSHonours #OHS
15 Sep
The team is getting everything set up at Toronto's Globe & Mail Centre for
tonight's gala celebration to unveil the winners of the 2022 OHS Honours and
Psychologically Safe Workplace Awards. #OHSHonours #OHS #GlobeandMailCentre
15 Sep
Monday school closures in honour of Queen Elizabeth leave working parents
scrambling https://www.talentcanada.ca/monday-school-closures-in-honour... #HR
#QueenElizabeth #DayCare
* 1
* 2
* 3
* 4
* 5
--------------------------------------------------------------------------------
* Privacy / CASL
© Copyright 2022 Annex Business Media
I agree We are using cookies to give you the best experience on our website.
By continuing to use the site, you agree to the use of cookies. To find out
more, read our privacy policy.
Notifications
2/3 FREE ARTICLES REMAINING. SUBSCRIBE TO TALENT CANADA NEWSLETTER TO GAIN
UNLIMITED ACCESS.
Close