Hello everyone,
Several podcasts are going to talk about the Uber Breach, and several of them came from The Cyber Wire Daily podcast.
This week, on Security Now, Steve Gibson and Leo Laporte will cover it in the third segment.
We do have a Cyberwire article titled Blame game follows Uber hack. Experts say don’t fault employee. which came out and I thought was interesting.
Reports which I’ve not been able to confirm or deny indicate that it was the Lapsus group, but I thought that group was “shut down” as members were arrested. I’m pointing this out because you’ll hear it and come to me and ask whether this is true.
The Cyberwire has a daily rundown of headlines based on their free daily podcast and this may shed some light on this, but I don’t want to go that far without reading the article.
Uber may even have news on this on their web site and I’m actively trying to figure out what is going on.
From what I’ve heard, it seems like an Uber employee was sent a chat through Whatsapp asking to approve the request for two factor or they would continue bombarding the employee until they did.
If it were me, I’d not even approve anything unless I was the one initiating the request, that is how it is supposed to be done. While the actor in question is reportedly 18 years old, the screen shots apparently are to tools and other internal things that Uber uses.
With that said, Uber has not sent me an email to let me know that I need to do anything and the reports indicate that we don’t need to do anything at this time.
If the JRN learns more substantial information, we’ll be sure to let you know, and if I do talk about this as next week’s topic, you’ll know in the podcast.
I need to start blogging some of this stuff as I get it instead of holding on to it until we do, and this is one of those things. We’re a week old, and the main article I’m linking to is a few days, but I’ve not seen anything since.
Stay safe! RThere are links to other coverage from within this article, so thought I’d pass this along too.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.