Sophos Security Expert Shares Views on Recent Hack

Uber discovered its computer network had been breached on Thursday, leading the company to take several of its internal communications and engineering systems offline as it investigated the extent of the hack.

Reports from the global ride hailing company suggest that the breach compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and the New York Times.

TechTalk Africa managed to get a Sophos cybersecurity expert who shared views on the Uber hack.

“The Uber hack demonstrates how important identity management backed by strong authentication, such as hardware security keys, are for privileged systems, and why today’s organizations need the ability to detect when attackers exploit, misuse or steal credentials,” said John Shier, a Senior Security Advisor at Sophos.

“As we’ve seen in recent high-profile attacks against large organizations, persistent attackers can and will find a way around multi-factor authentication systems that rely solely on time-based one-time passwords (TOTP) or push-based authentication. The need for compartmentalized access to critical resources, strong authentication and detection of identity-based activity is an important part of an organization’s layered defenses,” John added.

An Uber spokesman said the company was investigating the breach and contacting law enforcement officials.

Uber employees were instructed not to use the company’s internal messaging service, Slack, and found that other internal systems were inaccessible, said two employees, who were not authorized to speak publicly.

Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach.” The message went on to list several internal databases that the hacker claimed had been compromised.

The hacker compromised a worker’s Slack account and used it to send the message, the Uber spokesman said. It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees.