Uber was hacked. The hacker social engineered an employee -> logged into the VPN and scanned their intranet. 👇
Apparently there was an internal network share that contained PowerShell scripts... "One of the powershell scripts contained the username and password for an admin user in Thycotic (PAM). Using this I was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite"
@hacker_ imagine grinding for years to be a top tier level engineer and falling to some probably bozo-tier social engineering scam
@hacker_ Ah, the ol' admin credentials inside scripts on a network share mistake. It's been around since the dawn of time.
@hacker_ @ErrataRob That sounds bad. Fortunately I never use the Internet. Only apps.
@hacker_ Yep.. Seen this kind of attack live. A little imagination and some well-crafted messaging will let you into anywhere.. We need a plan to move all companies to FIDO2.. today!!
@hacker_ Is it an employee, or is it the account of Christopher Duarte, Leading Enterprise Apps @ Uber? .. Personally I think we are on the continuation of the supply-chain attack on Codecov and Okta :-)
@hacker_ Looks more like an Inside job from these messages…
@hacker_ Curious about the steps of the social engineering part 🧐
@hacker_ More often than not the most critical points of failure in security infrastructures are precisely the humans that use it.
@hacker_ @etorreborre Ironically, for years I've been warning people to be careful taking Uber and/or Lyft rides, especially shared rides. It's surprisingly easy for a stranger to fish out valuable pieces of information from a casual conversation (such as dog's name, your first school etc).
@hacker_ Does anyone know what the goal was of this hack? It looks like publicity right now.
@hacker_ Why PowerShell scripts instead of some kind of Terraform, Ansible, or another tool with secrets stored in Vault or something similar? And this happened to Uber, which was widely exposed to bug bounty programs...
@hacker_ These dumbasses always burn their access straight away with some highschool level troll pranks instead of playing the long game.
@hacker_ If they exfiltrate data, it will be a catastrophic breach. Just think about how huge and how much data Uber will have.
@hacker_ Things like this just show how stupid many people with talent are... he could easily get a big bounty for this and make a name for himself. Instead he prefers to act like a clown for attention. For what? Now he will get arrested, no bounty and ruin his life.
@hacker_ Failure at multiple basic things, chained. A classic. 1. No or improper 2FA for VPN 2. Lack of security awareness of whichever dev wrote that script (as usual) 3. No code scanning for hardcoded creds 4. SMB share with such scripts within the org? Wow.
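Point 3 above (no scanning for hardcoded credentials) is the one a defender can fix with tooling. Below is an added example, not code from the thread or from any of the people quoted in it: a small scanner that walks a mounted share (the path is hypothetical) and flags PowerShell lines that look like they embed a password, token or plaintext SecureString; the sample script and its values are constructed for the demo.

```python
import re
from pathlib import Path
from typing import List, Tuple

# Heuristic signatures for credentials hard-coded in PowerShell. They are
# deliberately broad; expect some false positives and tune them per environment.
CRED_PATTERNS = [
    ("plaintext-securestring",
     re.compile(r"""ConvertTo-SecureString\s+(['"]).+?\1\s+-AsPlainText""", re.I)),
    ("password-parameter",
     re.compile(r"""-(?:Password|Pass|Pwd|Secret|Token|ApiKey)\s+(['"])[^'"]{4,}\1""", re.I)),
    ("password-assignment",
     re.compile(r"""\$\w*(?:pass|pwd|secret|token|apikey)\w*\s*=\s*(['"])[^'"]{4,}\1""", re.I)),
    ("basic-auth-url",
     re.compile(r"""https?://[^/\s:@]+:[^@\s]+@""", re.I)),
]

Finding = Tuple[str, int, str]  # (source, line number, rule name)

def scan_text(text: str, source: str = "<inline>") -> List[Finding]:
    """Return one finding per line that looks like it embeds a credential.
    Comment lines are skipped; the first matching rule wins for a line."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        for rule, pattern in CRED_PATTERNS:
            if pattern.search(line):
                findings.append((source, lineno, rule))
                break
    return findings

def scan_share(root: str) -> List[Finding]:
    """Walk a mounted share (hypothetical path) and scan every .ps1/.psm1 file."""
    findings: List[Finding] = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".ps1", ".psm1"}:
            findings.extend(scan_text(path.read_text(errors="ignore"), str(path)))
    return findings

# Constructed sample of the kind of script described in the thread (fake values).
SAMPLE_SCRIPT = r"""
# deployment helper (constructed sample, not a real script)
$pamUser = "svc-pam-admin"
$pamPass = "Winter2022!"
$secure = ConvertTo-SecureString "Winter2022!" -AsPlainText -Force
Connect-Vault -User $pamUser -Password "Winter2022!"
Invoke-RestMethod -Uri "https://pam.example.internal/api" -Credential $cred
$cred = Get-Credential  # prompts at runtime, nothing stored on disk
"""

if __name__ == "__main__":
    for src, lineno, rule in scan_text(SAMPLE_SCRIPT, "sample.ps1"):
        print(f"{src}:{lineno}: {rule}")
```

Lines 4 to 6 of the sample are flagged; the `Get-Credential` prompt and the credential object passed by reference are not, which is the shape the script should have had.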