CyberheistNews Vol 12 #38 | September 20th, 2022
The article continues: ” A hacker on Thursday was believed to have breached multiple internal systems, with administrative access to Uber’s cloud services including on Amazon Web Services (AWS) and Google Cloud (GCP).
“The attacker is claiming to have completely compromised Uber, showing screenshots where they’re full admin on AWS and GCP,” Sam Curry wrote in a tweet. The security engineer at Yuga Labs, who corresponded with the hacker, added: “This is a total compromise from what it looks like.”
Uber since had shut down online access to its internal communications and engineering systems, while it investigated the breach, according a report by The New York Times (NYT), which broke the news. The company’s internal messaging platform, Slack, also was taken offline.
The hacker, who claimed to be 18 years old, told NYT he had sent a text message to an Uber employee and was able to persuade the staff member to reveal a password after claiming to be a corporate information technology personnel. The social engineering hack allowed him to breach Uber’s systems, with the hacker describing the company’s security posture as weak.
With the employee’s password, the hacker was able to get into the internal VPN, said Acronis’ CISO Kevin Reed in a LinkedIn post. The hacker then gained access to the corporate network, found highly privileged credentials on network file shares, and used these to access everything, including production systems, corporate EDR (endpoint detection and response) console, and Uber’s Slack management interface.”
Quote from WIRED: “One independent security engineer described the OneLogin account access the Uber hacker seems to have had access to as “the golden ticket jackpot.”
Pig Butchering Has Gone Big Time. Your Identity Layer Has to Catch Up.
Kasey Cromer, Netlok | February 28, 2026 Executive Summary “Pig butchering” refers[...more]
Your Workforce Runs on Apps. So Do Attackers.
Kasey Cromer, Netlok | February 23, 2026 Executive Summary Your employees rely on dozens of mo[...more]
When AI Becomes the Con Artist
Kasey Cromer, Netlok | February 12, 2026 Executive Summary Social engineering has always explo[...more]
Agentic AI in the Enterprise: The Security Guide Nobody Gave You
Kasey Cromer, Netlok | January 27, 2026 Executive Summary Autonomous AI agents are now executing cod[...more]
Workplace Security in 2026: When AI, Insiders, and Remote Work Collide
Kasey Cromer, Netlok | January 15, 2026 Executive Summary The uncomfortable truth about workplace se[...more]
How Insider Threats Bypass Security: Why Traditional Authentication Fails in the AI Era
Kasey Cromer, Netlok | January 5, 2026 Executive Summary Insider threats now cost an average of $17.[...more]
Authentication at a Crossroads: Preparing for the AI-Powered Threat Landscape of 2026 and Beyond
Kasey Cromer, Netlok | December 4, 2025 Series Recap Part 1 (November 14, 2025) took a deeper dive i[...more]
The $40 Billion Crisis: How AI-Powered Fraud Is Overwhelming Enterprise Security Teams
Kasey Cromer, Netlok | November 21, 2025 Executive Summary Global cybercrime is now a $10.5 trillion[...more]
AI Deepfakes: Enterprise Security Crisis Demanding New Authentication
Kasey Cromer, Netlok | November 14, 2025 Executive Summary A single deepfake video call cost a multi[...more]
Member – Insider GovTech
FOLLOW US ON SOCIAL MEDIA
©2015-2026 Netlok. All rights reserved.