Uber hacked by 18-year-old using social engineering

An 18-year-old hacked Uber using social engineering on an employee to steal their password.

Using the stolen credentials, the hacker accessed the company's internal systems, such as its intranet, email and Slack, and many critical Uber IT systems, including its security software.

Social engineering - using psychology to manipulate people - has become increasingly popular and has been used in attacks against companies like Twitter, MailChimp and Robinhood (among many others). However, since it exploits our weaknesses on an individual psychological level, the risk has to be limited through awareness and security drills.

Since the hacker has breached Uber's internal communication tools – email, Slack and intranet – it becomes additionally complex for the organisation to manage the attack. As of now, Uber employees have been instructed not to use Slack.

Does your organisation have a backup plan for sharing critical information, for example if the channels you typically use for communicating get hacked?

If not, you should take two actions:
1. Make a plan for this type of scenario, and identify your backup communication channels
2. Run a security drill where you practice this scenario within your organisation

I wouldn't recommend testing new communication channels for the first time in the midst of an ongoing hacking attack.