Data Breach

Uber Data Breach

0 records exposed • September 2022

A teenager broke into Uber by spamming an employee with login approval requests until they gave in. The hacker then posted in Uber's Slack saying "I am a hacker."

What Happened

An 18-year-old hacker breached Uber by spamming an employee with MFA requests until they approved one. The attacker gained access to internal systems and posted in Slack.

Attack method: MFA fatigue attack

What Data Was Exposed

Internal Slack messages, Internal dashboards, Source code, Security reports

Is your business exposed?

What to Do If You're Affected

1.
For Uber employees: Reset credentials
2.
Review any sensitive data you shared via Uber

Lessons for Businesses

• MFA fatigue is a real attack vector
• Push-based MFA has weaknesses
• Defense in depth is essential

Sources

https://www.uber.com/newsroom/security-update/

Related Breaches

Uber 2016, Lapsus Nvidia

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required