• World CyberCon India
Data Breaches Firewall Daily

Teen Hacker Allegedly Behind Uber System Breach and GTA 6 Leak

The teen hacker stated that he had already determined a valid username and password to trick an Uber staff member into granting him access.

Teen Hacker Allegedly Behind Uber System Breach and GTA 6 Leak
  • PublishedSeptember 22, 2022

A teen was allegedly the cybercriminal who breached the systems of Uber and Rockstar Games. The 18-year-old came forward to the New York Times to claim the two data breaches. According to an NYT report, the hacker pretended to be an IT worker for Uber and asked one of Uber’s employees for the password on the worker’s Slack account.

The method, known as social engineering, was used by the hacker to manipulate the targets into acting in a certain way regardless of special security measures put in place. The cyber-attacker sent images of emails, cloud storage and code repositories to the American daily to prove the claim of the breaches.

How the teen gained access

The teenage hacker stated that he had already determined a valid username and password to trick an Uber staff member into granting him access to internal systems, independent cybersecurity analyst Graham Cluley posted on his website. The teen managed to do so by sending several multi-factor authentication (MFA) notifications to Uber staff for over an hour.

After receiving several notifications, the staff granted access. Some online comments purported to be made by the hacker also point towards him communicating with the Uber employee on his WhatsApp number.

The hacker then scanned the company’s network and found the credentials of an admin account which helped him gain access to Uber’s internal systems. Following this, the hacker stole internal documents and publicly announced them on the company’s Slack by sending screenshots of its internal systems.

“Hi @here. I announce I am a hacker, and uber has suffered a data breach. Slack has been stolen, confidential data with Confluence, stash and 2 Monorepos from Phabricator have also been stolen, along with secrets from sneakers.#uberunderpaisdrives,” read the message sent by the teen hacker.

Uber asks its staff not to use Slack

Initially, Uber staff did not take the message seriously and responded with emojis as tweeted by the online malware database VX-Underground. However, later the company asked its employees not to use its internal slack messaging system.

Uber clarified that its services were working, and no evidence was found to establish that sensitive data was breached.

The second data breach and leak

Rockstar Games was hacked days after the Uber data breach. The alleged 18-year-old claimed responsibility for the hacking and posted the Grand Theft Auto (GTA) 6 gameplay, which was in its early stages of development, as evidence.

Written By
Vishwa Pandagle

Vishwa Pandagle is a Technical Writer at The Cyber Express. She writes about cybersecurity-related news like data breaches, ransomware attacks, phishing attacks, etc. She also writes about ongoing cybersecurity-related developments and best practices. When not working, she likes self-reflecting, meditating, volunteering and going for long walks.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.