 |
||
 |
 |
 |
 |
 |
| Major hack at Uber by Mysterio 09/22/2022, 8:39am PDT | ||||
 |
 |
|||
| Internal Slack messages downloaded, invoice tools, gloating messages on their Slack boards, “reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites”.
How did they get access? In its update on the breach, Uber confirmed new details about the hack. The company said the attacker likely purchased an Uber contractor’s corporate password on the dark web after the contractor’s personal device had been infected with malware, exposing those credentials. Hmm...okay, but that doesn't explain how they got around- “The attacker then repeatedly tried to log in to the contractor’s Uber account,” the company said. “Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.” bwa hahahahahahahahaha!!! Giving any sort of access to a doofus whose first response to being spammed for two-factor requests isn't instantly "Holy shit, I better change my password!", but thinks the solution is just hit accept to make it go away. |
||||
 |
 |
|||
|
Major hack at Uber by 09/22/2022, 8:39am PDT  Good ole MFA. Nothing beats it. NT by 09/22/2022, 8:43am PDT Maybe he was driving at the time and couldn't really see what he was doing. NT by 09/22/2022, 9:32am PDT Re: Major hack at Uber by 09/22/2022, 12:41pm PDT |
