One really good question is why they had powershell scripts lying on shared drives with admin credentials in it seriously beside the obvious human factor this seems to be the biggest misstep in here honestly
Uber were damn lucky it was a kid, if this had been anyone else they would be having a going-out-of-business lawn sale about now. Uber should give the kid a bounty and learn from this- it would have been so much worse.
Yeah, aside from the stock plummeting, like... What have they even done? Just posted proof that they're in. They could have broken everything, but just... didn't. Most of this is Uber's fault.
True I really hope they don't sue him and they actually benefit from him. Uber is sooooo dumb and stupid tho... I wonder how bad their IT engineers are Imagine keeping an admin account's username and password on a network share available for all other employees...
@@aaaaaa-hh8cq Unfortunately the first thing is most likely to happen. The person who did this does seems to be on the autistic spectrum. He has done this type of social engineering/mule acts before, and even got arrested for it. And i think many Sysadmins/IT technicians can see themself guilty to the script with admin creds lol
I love how we are so used to hacks like this that we don't even blink at the sentence: 18 year old hacks company causing stock to lose billions of dollars xD
Don't know if the kid should be ruthlessly punished or be give an Award for putting up a show of how Sloppy and Gullible these multi-billion dollar Companies are 😅
Hopefully they put him into a bootcamp or something like that to reform him and teach him how to use his talents for good. However, since they're legally an adult, idk if that's even an option. Also, I'd be surprised if they don't already know who he is.
@@blacksparrow2868 lol true ... Don't expect a company who puts sensitivity data in a PowerShell script and keeps it in their network share which is accessed by all employees... 🤣🤣🤣🤣🤣
@@aaaaaa-hh8cq I have seen this many times. Clear Text Password in scripts and when you advise the Business that this is poor security and they need to change it, The Business normally chooses not to fix it as by the time you have told them, they are using that on many Business critical systems that they are scared to mess with. Crazy as it is, but this type of poor security will keep me in a job for the rest of my life.
Ah yes, no safeguards against 2FA spam on the authenticator's end and hardcoding admin credentials in a PowerShell script. These guys really are the gold-standard for security.
@@blacksparrow2868 The job of a cybersecurity employee is to mitigate the human as much as humanly possible. As part of that, controlled access is among the most important and effective policies an IT administrator can implement. Employees should NEVER have access to another employee's security information *under ANY circumstances*. As for the authenticator app, a basic check to see how many times a particular server/application/source has requested authentication permission in the last 6 hours and prevent its requests from going through if enough have already gone through.
@@BellCube Yes, mitigate the human as much as possible is the key point of the MFA, however you can not stop the human from by passing those mitigating controls as shown in the Uber case. Too few push notifications means you are not alerting of change in permission context, so missing a real attack. Trust me, I have seen it where someone has 1 app open in the background which has gone passed its allocated time of use and requires the User to get re-authorised and the User is busy on another urgent task and will just ignore the multiple push notification as they are busy, and will sometimes just click YES so they can get on with their work. As I said, humans are humans and mitigation can only go so far. Look at the 2022 DBIR, 82% of actual breaches had a human element to them.
Two things I want to say: 1.Congrats on getting into uni 😊 2.The person who did the cybercrime of hacking uber was actually arrested a few months after this was made fulfilling Seytonics prophecy lol
They should hire this guy instead of taking him to court. He didn’t want to cause harm, he was genuinely interested in breaching security. He should not be a prisoner. He should be a pentester!
Rule No. 1 of the white hat world is don't break the law. If he get's caught he won't find work in this world (legally) afterwards. Black hat hackers with a criminal record that get hired by big companies after are very rare.
He vandalized bug bounty reports and more importantly, the public announcement of the hacking itself made Uber's stocks drop sharply (maybe hundred millions dropped). The damage was pretty big, it wasnt really harmless.
The only way to get better security in these Businesses, is for the customer to stop dealing with them. Just look at the Uber share price over the past 6 months, this cyber incident only dropped a small amount compared to all the other Business risks they have to deal with. If customers started to stop using these Businesses then it would change the Exec Team attitude to Cyber Security.
@@blacksparrow2868 If customers stop using them they will try to cut costs. Dying companies are notorious for terrible security. If there are more devastating attacks they might learn. People need to somehow voice their concerns. With banks it’s pretty straightforward to just buy Bitcoin because they will see their deposits drop as Bitcoin’s price rises but just losing business doesn’t really tell them what’s going on.
The kid saved them. An experienced hacker could have completely obliterate the company. And they wouldn't even know until the everything goes to hell. In my opinion they should reward the kid instead
Uber is one of those companies / apps where I visit their website and the UI / UX is so simple yet so buggy and unfunctional that I am worried everytime I enter any kind of personal information. I am not surprised and I am very happy they got hacked, hopefully they learn from their shitty development practices.
Imagine how awful their IT engineers are ... Keeping sensitive data on a fuckin powershell script in a network share available to all employees... All customers should be worried ... 🤣
Holy shit, that's a fucking insane hack. That's absolutely devastating, and it's an 18-year-old hacker. They're 100% getting hired by someone, I'd be amazed if they didn't. As simple as the hack was, it's still impressive.
He could have potentially gone short on uber stock and made a lot of money off of that. This method is more discrete as there is no extortion or transactions of any sort.
I hope he isn't prosecuted for more than push notification harassment, if he did not caused direct harm to the company (excluding the reputation). The malicious intent/activity is what differentiate criminal hacking from the rest.
he'll be charged no doubt, getting in any system and not doing anything even if you just guessed the password is illegal, hoping the jury goes easy on him though he is only 18
I think your comment misunderstands the criminality here. He gained unauthorized access to a private computer system for his own gains. Just because he didn't leverage this into more lucrative criminal activity doesn't mean that isn't crime.
@@ceticx @Will Stikken Fair enough. Technically speaking he used site-impersonation and harassment to gain unauthorized and clearly protected access to an employee's account. Usage of the hard-coded password is an information he found in protected context with unauthorized access and guessing password is illegal. But if he was actually an Uber employee, then it would be different. It should not be enough to declare something legally protected without an actual protection. My point: Technical competence of public corporation that carry user data should be a requirement, not a right.
For example if am area is private property but there is no fence around it, there's nothing stopping anyone feon trespassing, but they can still be punished for it if they do
Management never want to hear it when you tell them most data breaches are the result of human error or social engineering. The master hacker hexing all the company's diligent (and compliant to the letter) implementations of best practices with their black sorcery is the story they would prefer to tell shareholders, as opposed to Jared sticking a USB marked "nr0p" he found in the carpark in his workstation terminal.
See this is what I absolutely love about hacking - it's usually not some overly complicated process that requires alot of computing power and software, it's mostly just social engineering, predicting people's behavior and using it for personal gain.
Remember RSA Tokens 🙂 It certainly raises the barrier, however many Businesses are unwilling to spend that extra money and inconvenience their end users.
@@blacksparrow2868 A u2f key can remain inserted in the computer whereas as an rsa token is more tedious for the user because they have to keep entering a code manually. Granted, it’s not good for physical security to keep a u2f key inserted but most of these attacks are done remote. Yubikey makes a lower profile u2f key designed for leaving plugged in all the time.
@@martinlutherkingjr.5582 That is not how Business works. Its sad, but "Share Holders" would not stand for lower profits just for better Security as the tiny dip in Share Price for Uber will be back up in a few weeks. There are greater Business Risks to their Business than a security breach. For most breaches, its only the customers who suffer and maybe a few token people get fired, however the Business goes on.
We don't really know what this hacker wants. It is an assumption that the hacker is 18 years old, that is according to the hacker him/herself. What if he finds all kinds of evidence of illegal activities. Let it be hacktivism. Would love to know more how dirty Uber is inside, when we can already see clearly how the abuse their drivers in public. Hope you will keep on it and update us again. Cheers..
If you ever get a 2fa/mfa notification that wasn't directly you, change your password straight away. If that password is shared on anything then change it on those places too, preferably a unique password for each
How very oldskool and refreshing. I miss the Good old days when we hacked just for fun. Oh... & start Global thermal nuclear war whilst playing Tic TacToe. Cheerz Tonic.
while really not important to most people, uber stock price will recover as they will forget about all this in a few weeks. and as how patagonia has implied, stock prices distract public companies from their stated mission statements and making money becomes the ultimate shortsighted end goal than any actual worthwhile meaning behind their own services to users.
totally agree, Just look at Uber share price over past 6 months, this drop is tiny compared to all the other Business Risks they need to deal with. And Everyone(customers) is to blame for this, if customers were like "I am not going to use Uber anymore because of this security breach" then it would be a different matter. However as it stands, The Board is not going to change their security stance unless it costs them big.
Not the fault of the employee. If a single employee's compromise can cause such damage to a company like Uber, the problem is elsewhere. This should have been handled upstream.
You have to respect the fact he was just trolling instead of using ransomware to extort millions of dollars out of the company which is what any other hacker would have done.
Excellent, i hope Uber faces bankruptcy. It harms society more than it does good, it's a giant scam. Rips off the uber workers and makes the work of a taxi driver more precarious. This guy is a workers hero.
last time I ordered from uber was tracking the driver.. food was picked up and driver was literally around the corner i was at my front door waiting as he was close by. all of a sudden "order camcelled" I got onto support who rang me within a few minutes. told me there was an "error with the otder" and I'd get a refund to my bank within 1-3 business days. No refund happened. When I emailed them again they said sorry because you order was more than 24hours ago we cannot issue you a refund. Even tho I was told previously I'd get a refund. Never again will I use the service. The driver ate the food no doubt!
It just goes to show that a competent todler could hack a tech company if they really wanted to. Social engineering is extremely powerful and a literal 15 yr old can gain access to a billion dollar company.
This guy hacked rockstar games and released gta 6 alpha footage can you make a video on that one. He now asking 100k to not leak the source code of the game
This guy could be a millionare right now, Had enough info that he could have request that they pay any amount he wants to keep it all secret or erased. If all of that was leaked, uber would literally be ruined for eternity as that's a lot of sensitive information about employees given the amount of people who work for uber.
Indeed, look at the past 6 months and this drop is tiny compared to all the other Business Risks that Uber has to deal with. Nothing will change until Customers stop using Businesses when they get breached, however we have seen time and time again, the general public don't really care that much as they want the service that these Businesses offer more than they want proper security.
I’m 15 and I can stay hidden far better than most people, firstly: Get a vpn, then use TOR for all internet connections and keep an eye on what your pc is sending, make sure to remove all metadata from files (especially images as it may contain the geographic coordinates to the place it was taken).
wait, isn't that the same dude who leaked gta 6 gameplay?? or are there two Tea Pots leaking data from big tech?? XD update: ok his name on gtaforums is literally teapotuberhacker so yea, but someone gotta stop this guy 😭😭
There's nothing complicated or experience based about this attack, any idiot can do a phishing attack, specially nowdays with tools already made for that like gophish and SET. There isn't a single 12yo ,or 18 yo for that matter ,than can do really complex hacks. All they do is phishing, xss and sqli. Show me only one that did some kernel mitigation like kASLR, SMEP, SMAP, kCFG or HVCI to get access into a system or some modern low level bypass or attack, and I'll say that you are correct.
@@rdarkmind well, I agree with you, really. It makes me furious when the media says "a ___ year old hacker did this" and all they did was a phishing attack... -_-
@@morsine The media are imbeciles. They always have been. I'm old school, I believe that only hackers can can call others hackers. It's a title that has to be earned with hard work, passion and dedication, is not something that you, or the media for that matter, can pin on yourself. I know a lot of bounty hunters and pentesters, but I know very few that can be called hackers.
Gotta love the employees reacting to the message with a KEKW emote from twitch
Seriously
kekw is a racist thing that came from 4chan it’s another major troll they did idk how anyone realized yet
One really good question is why they had powershell scripts lying on shared drives with admin credentials in it seriously beside the obvious human factor this seems to be the biggest misstep in here honestly
Yup, anyone smart enough to write powershell scripts is smart enough to know better
Having the admin credentials on shared drive is just dumb. I just had to facepalm.
@@ivanv754 guess s/he was lazy to run the script as admin each time so s/he hard codded it
One word: laziness.
It happens more often than many know. The fact they don’t have methods to find it is the piss poor part.
I love how the guy is just a troll, and its probably his first time doing a successful hack of that scale lol
well the guy who did the uber hack just leaked gta 6 LOL
@@OstlyBoy link when you say stuff like that plz :/
@@OstlyBoy where ??
@@OstlyBoy give source
@@OstlyBoy eww they are making feminist main characters
Uber were damn lucky it was a kid, if this had been anyone else they would be having a going-out-of-business lawn sale about now. Uber should give the kid a bounty and learn from this- it would have been so much worse.
Yeah, aside from the stock plummeting, like... What have they even done? Just posted proof that they're in. They could have broken everything, but just... didn't. Most of this is Uber's fault.
True
I really hope they don't sue him and they actually benefit from him.
Uber is sooooo dumb and stupid tho...
I wonder how bad their IT engineers are
Imagine keeping an admin account's username and password on a network share available for all other employees...
@@aaaaaa-hh8cq Unfortunately the first thing is most likely to happen. The person who did this does seems to be on the autistic spectrum. He has done this type of social engineering/mule acts before, and even got arrested for it.
And i think many Sysadmins/IT technicians can see themself guilty to the script with admin creds lol
Bro a 16 year old hacked rockstar, this 18 year old was having fun
@@lillywho They have backups of backups, the damage is mostly in PR and downtime.
I love how we are so used to hacks like this that we don't even blink at the sentence: 18 year old hacks company causing stock to lose billions of dollars xD
More social engineering
@@boxinabox6608 i would qualify social engineering to be a sort of "hacking"... hacking humans :)
@@boxinabox6608 Social Engineering counts as hacking, primarily hacking the mind.
Vandalizing their hackerone account was a true baller move. lmao.
Ikr 💀
this whole story basically is like old school hacking "let's see if I can get into their system" lol
It was pretty smart
The guy chose to troll when he could have made millions. That's dedication!
Not really.
Dedication to life sentence more like
The hacker has a low IQ. There is no way he could have made millions.
Oh whoops he's already arrested lmaoo
@@Youmu_Konpaku_ yeah, if they have the right guy. but they probably do.
Don't know if the kid should be ruthlessly punished or be give an Award for putting up a show of how Sloppy and Gullible these multi-billion dollar Companies are 😅
punishing people who had no actual ill intentions sounds like a great way to grow the dark side and grow security oversights
@@GrandpaRanOverRudolf Agreed
Hopefully they put him into a bootcamp or something like that to reform him and teach him how to use his talents for good. However, since they're legally an adult, idk if that's even an option. Also, I'd be surprised if they don't already know who he is.
Security cost money, and Profits always comes first.
he’s gonna get a job either way. What do u think they do to non malicious “hackers”
I love how he's exposed their awful security, and I hope he's not caught.
and in a few weeks their share price will recover and the ExCo Team will look at this and think, why spend any more on getting security done properly.
@@blacksparrow2868 lol true ...
Don't expect a company who puts sensitivity data in a PowerShell script and keeps it in their network share which is accessed by all employees... 🤣🤣🤣🤣🤣
@@aaaaaa-hh8cq I have seen this many times. Clear Text Password in scripts and when you advise the Business that this is poor security and they need to change it, The Business normally chooses not to fix it as by the time you have told them, they are using that on many Business critical systems that they are scared to mess with.
Crazy as it is, but this type of poor security will keep me in a job for the rest of my life.
Finally, someone explains what happened in an order that makes sense.
pwned ¥⍤♆π @$$
Bruh also hit rockstar
Ah yes, no safeguards against 2FA spam on the authenticator's end and hardcoding admin credentials in a PowerShell script. These guys really are the gold-standard for security.
You can't protect against the human no matter how much Cyber Security training they are given.
@@blacksparrow2868 yes you can, just delete humans.
@@blacksparrow2868 The job of a cybersecurity employee is to mitigate the human as much as humanly possible. As part of that, controlled access is among the most important and effective policies an IT administrator can implement. Employees should NEVER have access to another employee's security information *under ANY circumstances*.
As for the authenticator app, a basic check to see how many times a particular server/application/source has requested authentication permission in the last 6 hours and prevent its requests from going through if enough have already gone through.
That powershell part is so messed up and funny 🤣🤣🤣🤣🤣🤣🤣
@@BellCube Yes, mitigate the human as much as possible is the key point of the MFA, however you can not stop the human from by passing those mitigating controls as shown in the Uber case.
Too few push notifications means you are not alerting of change in permission context, so missing a real attack. Trust me, I have seen it where someone has 1 app open in the background which has gone passed its allocated time of use and requires the User to get re-authorised and the User is busy on another urgent task and will just ignore the multiple push notification as they are busy, and will sometimes just click YES so they can get on with their work. As I said, humans are humans and mitigation can only go so far.
Look at the 2022 DBIR, 82% of actual breaches had a human element to them.
Fun fact, I genuinely used this video as part of research for my personal statement for UCAS, and it helped me get into uni
Thanks, Seytonic
Two things I want to say:
1.Congrats on getting into uni 😊
2.The person who did the cybercrime of hacking uber was actually arrested a few months after this was made fulfilling Seytonics prophecy lol
They should hire this guy instead of taking him to court.
He didn’t want to cause harm, he was genuinely interested in breaching security. He should not be a prisoner. He should be a pentester!
Yes exactly! We needs all the talents we can have
Rule No. 1 of the white hat world is don't break the law. If he get's caught he won't find work in this world (legally) afterwards. Black hat hackers with a criminal record that get hired by big companies after are very rare.
He vandalized bug bounty reports and more importantly, the public announcement of the hacking itself made Uber's stocks drop sharply (maybe hundred millions dropped). The damage was pretty big, it wasnt really harmless.
Imagine if that 18-year-old had contacted an immoral investor and convinced him to short Uber.
Most companies have horrible security it’s shameful that we have to trust companies with very weak and pathetic security
We don’t have to trust companies, what’s shameful is we have to trust governments.
The only way to get better security in these Businesses, is for the customer to stop dealing with them.
Just look at the Uber share price over the past 6 months, this cyber incident only dropped a small amount compared to all the other Business risks they have to deal with.
If customers started to stop using these Businesses then it would change the Exec Team attitude to Cyber Security.
@@blacksparrow2868 If customers stop using them they will try to cut costs. Dying companies are notorious for terrible security. If there are more devastating attacks they might learn. People need to somehow voice their concerns. With banks it’s pretty straightforward to just buy Bitcoin because they will see their deposits drop as Bitcoin’s price rises but just losing business doesn’t really tell them what’s going on.
He just leaked GTA 6 LOL
The kid saved them. An experienced hacker could have completely obliterate the company. And they wouldn't even know until the everything goes to hell.
In my opinion they should reward the kid instead
Instead he was arrested
@@noobzoid yes, 17 yr old from the uk
Would a pro guy get arrested ?
Uber is one of those companies / apps where I visit their website and the UI / UX is so simple yet so buggy and unfunctional that I am worried everytime I enter any kind of personal information. I am not surprised and I am very happy they got hacked, hopefully they learn from their shitty development practices.
Not with this hack, it's unfortunately a social engineering hack than it is an IT-related hack
Imagine how awful their IT engineers are ...
Keeping sensitive data on a fuckin powershell script in a network share available to all employees...
All customers should be worried ... 🤣
don’t forget the hackerone account, bro got vulns for days
Vulns for Days... I'm putting that on a shirt 🤣
Well this was social eng. attack, which is not accepted on uber's program, so he will probably get N/A on all of them.
@@dim_1074 no I’m saying he had access to vulnerability reports, so the scary part is he could just pocket/abuse all of them until they get patched
@@thetottyapple227 Exactly
they could either bring him infront of a court or give him a new job depending on how many brain cells they actually have..
Why the hell doesn't Duo and other 2FA push solutions rate limit access requests?
The employee that used the fake login screen and accepted the 2FA request should be fired immediately, first and foremost
Holy shit, that's a fucking insane hack. That's absolutely devastating, and it's an 18-year-old hacker.
They're 100% getting hired by someone, I'd be amazed if they didn't. As simple as the hack was, it's still impressive.
Seytonic has him as an understudy now..
the first reaction from the employees slack was reacting with twitch emotes :skull:
@@pompomaddons I mean Uber is a tech company who do you think they hire
fucking insane hack? you mean decent social engineering work, where did you see the hack?
There's no good proof that he's 18.
3:50 - This is how it ends when company requires to install auth app on employee private device.
He could have potentially gone short on uber stock and made a lot of money off of that. This method is more discrete as there is no extortion or transactions of any sort.
Apparently Tea Pot released the GTA6 leaks aswell. ... big sad.
You forgot to mention that as 'Tea Pot' also known as White was just released out of prison literally like a few months ago.
Easy way to monetize something like this: buy a ton of puts right before announcing the hack
I hope he isn't prosecuted for more than push notification harassment, if he did not caused direct harm to the company (excluding the reputation). The malicious intent/activity is what differentiate criminal hacking from the rest.
he'll be charged no doubt, getting in any system and not doing anything even if you just guessed the password is illegal, hoping the jury goes easy on him though he is only 18
I think your comment misunderstands the criminality here. He gained unauthorized access to a private computer system for his own gains. Just because he didn't leverage this into more lucrative criminal activity doesn't mean that isn't crime.
@@ceticx @Will Stikken Fair enough. Technically speaking he used site-impersonation and harassment to gain unauthorized and clearly protected access to an employee's account. Usage of the hard-coded password is an information he found in protected context with unauthorized access and guessing password is illegal. But if he was actually an Uber employee, then it would be different. It should not be enough to declare something legally protected without an actual protection.
My point: Technical competence of public corporation that carry user data should be a requirement, not a right.
"Reputation" lol 6 billion drop
For example if am area is private property but there is no fence around it, there's nothing stopping anyone feon trespassing, but they can still be punished for it if they do
Management never want to hear it when you tell them most data breaches are the result of human error or social engineering. The master hacker hexing all the company's diligent (and compliant to the letter) implementations of best practices with their black sorcery is the story they would prefer to tell shareholders, as opposed to Jared sticking a USB marked "nr0p" he found in the carpark in his workstation terminal.
I don’t condone the action, but its cool too see some non profit driven hacks, doing it just for the lulz
See this is what I absolutely love about hacking - it's usually not some overly complicated process that requires alot of computing power and software, it's mostly just social engineering, predicting people's behavior and using it for personal gain.
They should use physical u2f security keys and require in person KYC-like procedures for 2-fa recovery.
Remember RSA Tokens 🙂
It certainly raises the barrier, however many Businesses are unwilling to spend that extra money and inconvenience their end users.
@@blacksparrow2868 A u2f key can remain inserted in the computer whereas as an rsa token is more tedious for the user because they have to keep entering a code manually. Granted, it’s not good for physical security to keep a u2f key inserted but most of these attacks are done remote. Yubikey makes a lower profile u2f key designed for leaving plugged in all the time.
@@martinlutherkingjr.5582 yes I know all that I use them myself.
However they also cost money which Business are unlikely to purchase for all Users.
@@blacksparrow2868 Uber can afford it
@@martinlutherkingjr.5582 That is not how Business works.
Its sad, but "Share Holders" would not stand for lower profits just for better Security as the tiny dip in Share Price for Uber will be back up in a few weeks. There are greater Business Risks to their Business than a security breach.
For most breaches, its only the customers who suffer and maybe a few token people get fired, however the Business goes on.
My mom just slapped me across the face.
.. she says I don’t want seytonic enough. :(.
Uber is one of those companies where it's dead easy to refund your food, gps spoof on their services and yes of course hack them.
Refund how?
oops, rockstar has been hit by him too now
2:10 looks like Chris is not gonna having a fun time for the remainder of this year
We don't really know what this hacker wants. It is an assumption that the hacker is 18 years old, that is according to the hacker him/herself. What if he finds all kinds of evidence of illegal activities. Let it be hacktivism. Would love to know more how dirty Uber is inside, when we can already see clearly how the abuse their drivers in public. Hope you will keep on it and update us again. Cheers..
Good thing he didn’t ask for ransom in case of court that could increase his sentence
Yup, that's totally embarrising lol.
this is the same guy that hacked rockstar
This hacker apparently also hacked rockstar and leaked GTA 6.
Good lmao
@@yaboipatrick yea until there is a daley
Wow he took the term brute force to a whole new meaning.
Everyone used the word "pwned" when I joined the internet some ten years ago - I didn't get it then, and hell, I still don't get it now
A pwned account is a stolen account. It just means that someone has gained control over something IIRC
If you ever get a 2fa/mfa notification that wasn't directly you, change your password straight away. If that password is shared on anything then change it on those places too, preferably a unique password for each
I think he's the same guy that leaked GTA 6 and got caught and is probably going to get extradited to the USA for charges.
"We are a technology company".
Classic case of social engineering smh
Maybe the hacker bought Uber Puts the day before 🤣🤷♂️
All it takes to stop 2FA spam is obvious: CHANGE YOUR PASSWORD
I wasn't able to cash out thanks to this BS. People gotta get paid and live, punish the company, not the poor workers just trying to survive....
How very oldskool and refreshing.
I miss the Good old days when we hacked just for fun.
Oh... & start Global thermal nuclear war whilst playing Tic TacToe. Cheerz Tonic.
I just covered this and will continue to follow up on it, how embarrassing!!
Aperently the Uber hacker just Leaked GTA 6 footage and the source code
That uber employee had a fight with his wife that night and had enough
gotta talk about how he got gta 6 leaks lol
😅 this is EMBARRASSING but not uncommon.
I've been at companies that are this easy to hack😊
Which companies? 🕵️♂️
@@mntmntmnt call me crazy but I like not being in prison 🤣🤣🤣🤣
@@sollymadeit im not a fed! You can totally trust me
@@mntmntmnt that is LITERALLY what a fed would say 🤣🤣🤣🤣
@@sollymadeit well my instructor at the cia told me
Can you investigate and report on the Go-Ahead Group hack please
while really not important to most people, uber stock price will recover as they will forget about all this in a few weeks. and as how patagonia has implied, stock prices distract public companies from their stated mission statements and making money becomes the ultimate shortsighted end goal than any actual worthwhile meaning behind their own services to users.
totally agree,
Just look at Uber share price over past 6 months, this drop is tiny compared to all the other Business Risks they need to deal with.
And Everyone(customers) is to blame for this, if customers were like "I am not going to use Uber anymore because of this security breach" then it would be a different matter.
However as it stands, The Board is not going to change their security stance unless it costs them big.
Maybe the real hack was to drop their share price in a long form shorting bid.
Not the fault of the employee. If a single employee's compromise can cause such damage to a company like Uber, the problem is elsewhere. This should have been handled upstream.
The whole internal security sounds like a joke.
The funny thing is, they have the exact same vulnerability right now.
You have to respect the fact he was just trolling instead of using ransomware to extort millions of dollars out of the company which is what any other hacker would have done.
bro the share price went down because he showed earnings for the company........
Excellent, i hope Uber faces bankruptcy. It harms society more than it does good, it's a giant scam. Rips off the uber workers and makes the work of a taxi driver more precarious. This guy is a workers hero.
Good day for cyber security workers
Damn... Pierre out there spending over 100k on Uber. Someone contact that guy LOL
last time I ordered from uber was tracking the driver.. food was picked up and driver was literally around the corner i was at my front door waiting as he was close by.
all of a sudden "order camcelled" I got onto support who rang me within a few minutes. told me there was an "error with the otder" and I'd get a refund to my bank within 1-3 business days.
No refund happened. When I emailed them again they said sorry because you order was more than 24hours ago we cannot issue you a refund. Even tho I was told previously I'd get a refund. Never again will I use the service. The driver ate the food no doubt!
Thanks for the report!
It's all fun and games, until someone calls the police
The same hacker just leaked GTA 6. He uploaded 30min footage of gameplay
https:/th-cam.com/video/az2wt7sRuHM/w-d-xo.html
1 hour actually
Self taught teen hacker beating the experts with certifications and credentials. Interesting
in my opinion he doesnt deserve to be caught because he is a genius
Should have used the title "This hack is UBER embarrassing..."
Multi factor authntiction fatigue attack can be prevented
It just goes to show that a competent todler could hack a tech company if they really wanted to. Social engineering is extremely powerful and a literal 15 yr old can gain access to a billion dollar company.
no, lol, uber is just stupid and it doesnt prove anything because it doesnt automatically apply to every billion dollar company
He then leaked gta6
This guy hacked rockstar games and released gta 6 alpha footage can you make a video on that one. He now asking 100k to not leak the source code of the game
This guy could be a millionare right now, Had enough info that he could have request that they pay any amount he wants to keep it all secret or erased. If all of that was leaked, uber would literally be ruined for eternity as that's a lot of sensitive information about employees given the amount of people who work for uber.
I miss that good old time where hacking was dune for lulz and to vandalize stuff lmao
that share drop just seems like regular fluctuations to me. you should have shown the monthly trend for scale comparison.
Yeah looks like it dropped back to what it had been 2 days before.....
Indeed, look at the past 6 months and this drop is tiny compared to all the other Business Risks that Uber has to deal with.
Nothing will change until Customers stop using Businesses when they get breached, however we have seen time and time again, the general public don't really care that much as they want the service that these Businesses offer more than they want proper security.
My threat level is negligible but it's good to know what NOT to do when faced by a nagging attack.
Good lad 👍
He's learning.
Thank you Seytonic
#Seytonicisn'tpaidenough
This kid shows how the biggest threat to security it's humans instead of machines
you have any videos or recommended books on how to stay incognito in an instance like this
I’m 15 and I can stay hidden far better than most people, firstly: Get a vpn, then use TOR for all internet connections and keep an eye on what your pc is sending, make sure to remove all metadata from files (especially images as it may contain the geographic coordinates to the place it was taken).
LOL, this is cute.😂
@@rdarkmind ??
This guy supposedly leaked GTA 6 footage as well xD
"The guy is only 18 so realistically he can't be that experienced" I wouldn't underestimate him, after all, he did hack uber
Ergo any human that is part of the system is the weakest link.
And then he proceeded to hack Rockstar
The kid should have asked to be employed
wait, isn't that the same dude who leaked gta 6 gameplay?? or are there two Tea Pots leaking data from big tech?? XD
update: ok his name on gtaforums is literally teapotuberhacker so yea, but someone gotta stop this guy 😭😭
its the hacker of lapsus
I know Tea Pot, he is pretty famous on french dark community, so for the info : he is french, some dox of him are on internet :D
I've seen 12 year old hackers, so imo age doesn't play a role in experience.
There's nothing complicated or experience based about this attack, any idiot can do a phishing attack, specially nowdays with tools already made for that like gophish and SET. There isn't a single 12yo ,or 18 yo for that matter ,than can do really complex hacks. All they do is phishing, xss and sqli. Show me only one that did some kernel mitigation like kASLR, SMEP, SMAP, kCFG or HVCI to get access into a system or some modern low level bypass or attack, and I'll say that you are correct.
@@rdarkmind well, I agree with you, really. It makes me furious when the media says "a ___ year old hacker did this" and all they did was a phishing attack... -_-
@@morsine The media are imbeciles. They always have been. I'm old school, I believe that only hackers can can call others hackers. It's a title that has to be earned with hard work, passion and dedication, is not something that you, or the media for that matter, can pin on yourself. I know a lot of bounty hunters and pentesters, but I know very few that can be called hackers.
@@rdarkmind Indeed. well said !
Just like the story about the btc scammer and Twitter... embarrassing.
if you were getting 2fa requests you dont recognise wouldnt you immediately go to whoever your sysop is and talk about it
When you're a Hacknet Fan