Completely agree with you that a breach of one person should NOT be the end of a company that large. But I also find it very ironic how it essentially very often comes down to the audacity of a teenager vs. probably an employee who just want their notifications to stop spamming. It's like, "I'm IT, click it" - source: trust me bro.
You get a lot of praise and you deserve it. Yesterday I had too much screen time, again, TH-cam and Twitter, and I start to feel sick and almost everyone is acting inauthentic. Your videos never feel like a waste of time, for one because they are educational, but mostly for me because you are a real person and among everyone acting like a ‘content created’ it really stands out, it’s refreshing and real. Thank you
Your initial Tweet on this was posted on an internal chat where I work shortly after you posted it. I could almost hear the facepalms from the security department that's on another floor. The attack was so simple. Just spam a user for an hour before texting them basically "Hey accept and it goes away, I am from the IT department", and by sheer luck you find privileged credentials. Massive fail from Uber on that one. I do wonder if this will have legal ramifications for them (either regulatory or lawsuits)
Forget the ramifications of Uber, The amount of data Uber has on us means we'd be facing ramifications for years. Visit hospital regularly? Get ready for insurance scam ads (or) worse, insurance premium increase on your current policy. Edit: Added example.
Been looking forward to this video since last night! Very interesting Uber breach. It's not a matter of if but when. Crazy place to have admin credentials on a server. Makes me suspect there has been a lot more breaches. If this person never said anything they could have been in the system for year's.
@@ViolentbyDesign what’s so talented about buying stolen user creds, SE someone into clicking a button and scanning the network with tools everyone can use finding a file that had hardcoded ADMIN credentials? Just takes the balls to do it.
Hey man I just learned you have a TH-cam channel, super glad. AND I see you've got some beginner tutorials. Definitely gonna check those out to see where I'm at with my beginner chops.
Shady company ethics, treat drivers like crap, their still trying to figure out how to turn profit and now data hacked. Is there any positive news about this company?
This would not have worked if Uber used phishing resistant 2FA, like security keys. This is going to keep happening to companies until they make the switch. Relying on every employee to never make a mistake, when there is a solution that is phishing resistant, isn't good security.
My employer just switch to 2FA last year and they gave everyone a choice of tokens, app, or both. I have both. But to be clear both are not required for access, just one. You make a good point, I suppose the more sensitive the job the more they should think about going to something better
@Marcus Hutchins. Good overview video. You have a nice desk setup. Would you mind listing your equipment? 1. Lighting (including location and which components) for items like the blue light behind your monitors? 2. Hexagon tiles? Do they light up? 3. Microphone and boom? 4. Camera? 5. Wall paint color / sheen (matte?) etc? 6. Black desk?
How did rockstar get hacked? It would mean the world to us if you could give us your technical analysis of the Rockstar hacking process!! I can’t find any now and my only hope is you
I love your stories and insight, but your background needs some touchup...you have dark paint on your white wall (which clearly was spread over the paint tape) an on the other side, the line is messy..I'm a former custodian, jus giving my input😁
OMG, a Poweshell script with admim login baked in . Why why why. Just keep a powe shell script on a drive and lock if down with no login info baked in . What a breach
@@brettsmith6298 My problem is that these days everything is hacking and everybody is a hacker and for me that renders the terms hacker and hacking useless and valueless and in reality describes nothing. In which case we might as well not use it
Sir wants help from you about ethical hacking ... Free way to learn ethical hacking... We can't afford a ProTV, hack the box, try hack me, CTF like this paid method .... Sir please make a video for a free road map of ethical hacking... Lots of people quit because of a money problem... Sir please sir you can understand what I am saying...
My guy i like your videos, but youre so soft spoken. I know its genuinely hard to hit the perfect loudness/calm voice ratio and all but this is definitely an area you can improve upon
Completely agree with you that a breach of one person should NOT be the end of a company that large. But I also find it very ironic how it essentially very often comes down to the audacity of a teenager vs. probably an employee who just want their notifications to stop spamming. It's like, "I'm IT, click it" - source: trust me bro.
anyway those thiefs should be ended.
You get a lot of praise and you deserve it. Yesterday I had too much screen time, again, TH-cam and Twitter, and I start to feel sick and almost everyone is acting inauthentic. Your videos never feel like a waste of time, for one because they are educational, but mostly for me because you are a real person and among everyone acting like a ‘content created’ it really stands out, it’s refreshing and real. Thank you
Please post more, you could 100% become a prominent figure in the cybersecurity space on TH-cam. Love the content, would love to see more.
i love that you're way more active on youtube these days!! thank you for existing!!
Your initial Tweet on this was posted on an internal chat where I work shortly after you posted it. I could almost hear the facepalms from the security department that's on another floor. The attack was so simple. Just spam a user for an hour before texting them basically "Hey accept and it goes away, I am from the IT department", and by sheer luck you find privileged credentials. Massive fail from Uber on that one. I do wonder if this will have legal ramifications for them (either regulatory or lawsuits)
Forget the ramifications of Uber, The amount of data Uber has on us means we'd be facing ramifications for years.
Visit hospital regularly? Get ready for insurance scam ads (or) worse, insurance premium increase on your current policy.
Edit: Added example.
Cant beleve you are the hero of millions of people to stop WannaCry
Uber: Why did you do this?
The boy: I just wanted to make my resume colorful.
Honestly if you only have social engineering skills you can be a very dangerous hacker, especially if you know psychology and the like.
What a legend only one ad in the beginning . Your so damn underrated
Been looking forward to this video since last night! Very interesting Uber breach. It's not a matter of if but when. Crazy place to have admin credentials on a server. Makes me suspect there has been a lot more breaches. If this person never said anything they could have been in the system for year's.
The human element is usually the weakest point...
You see, that first hack wasn't really a hack, Uber just gave the gray hat a very generous bug bounty.
This guy just hacked Rockstar bruh
LOL! Uber security is a joke at this point
@@ViolentbyDesign Doesn't change the fact that their security is dogshit
@@T404-i9w -Guy who knows absolutely nothing about security
Hmm yes, but their practices are pretty standard across most businesses, so it goes to show how vulnerable things are
@@ViolentbyDesign what’s so talented about buying stolen user creds, SE someone into clicking a button and scanning the network with tools everyone can use finding a file that had hardcoded ADMIN credentials? Just takes the balls to do it.
@@v380riMz where he bought stolen credentials
He just leaked gta 6 footage from rockstar 😂
Hey man I just learned you have a TH-cam channel, super glad. AND I see you've got some beginner tutorials. Definitely gonna check those out to see where I'm at with my beginner chops.
Marcus is so chill I feel like he should do asmr …
Mr. Dr. Prof. Patrick appreciate it man
Shady company ethics, treat drivers like crap, their still trying to figure out how to turn profit and now data hacked. Is there any positive news about this company?
This would not have worked if Uber used phishing resistant 2FA, like security keys. This is going to keep happening to companies until they make the switch. Relying on every employee to never make a mistake, when there is a solution that is phishing resistant, isn't good security.
My employer just switch to 2FA last year and they gave everyone a choice of tokens, app, or both. I have both. But to be clear both are not required for access, just one. You make a good point, I suppose the more sensitive the job the more they should think about going to something better
I'm watching this with my Uber driver, he's smiling
Here before marcus fixed the title
Lol what was it before?
@@jamess3159 just a typo lol. Hacker instead of Hacked
@@root317 haha nice. 😄
This guy gonna be second networkchuck in youtube world
Thank you, glad to see same content here!
lovely video with in depth explanation but 1 question. How does one do the importings
@Marcus Hutchins. Good overview video. You have a nice desk setup. Would you mind listing your equipment?
1. Lighting (including location and which components) for items like the blue light behind your monitors?
2. Hexagon tiles? Do they light up?
3. Microphone and boom?
4. Camera?
5. Wall paint color / sheen (matte?) etc?
6. Black desk?
And this guy is leaking GTA VI right now 💀
enjoying your videos! good info
Always a pleasure to watch!
Great information and once again credentials reuse and social engineering did it again.
How did rockstar get hacked? It would mean the world to us if you could give us your technical analysis of the Rockstar hacking process!! I can’t find any now and my only hope is you
Why did I move here?
I guess it was the weather.
I love your stories and insight, but your background needs some touchup...you have dark paint on your white wall (which clearly was spread over the paint tape) an on the other side, the line is messy..I'm a former custodian, jus giving my input😁
you're hero bro
OMG, a Poweshell script with admim login baked in . Why why why. Just keep a powe shell script on a drive and lock if down with no login info baked in . What a breach
enjoy and appreciate your vids !
u see that little cog option button on the bottom near the fullscreen button? if u click on that u can chose to slow it down or speed it up. i
Good analysis!
Thanks for the advice👍👍
Where can I read articles about stuff like this? If anyone could tell me I would very much appreciate it.
i dont even care bout the topic (heard it a lot of times already)
imma just sleep to this Video 💀
lmao the asmr is real
😭
I don't know how come the PAM admin/password didn't have MFA?
what do you think about bjorka from Indonesia. can you tell who he is
How a Teenager Hacked ROCKSTAR???
we need video about this
How did he hack R*??
GTA 6 leaked development build next?
Can you talk about rockstar, please ❤❤
Very similar to the BA breach a few years ago. A file with admin credentials just lying around on a networked drive
This dude has a brain
Thoughts on Uber's statement that they have "no evidence sensitive user information was accessed" ?
I’m going to go with… untruthful statement!
wow uber. smh. security is garbage.
nice tuto Thank you!
I have only hacked it!! They can't find me
Bro i love your,videos bro thanks please make tutorial videos about Kali Linux.
I have a full course of kali
This hacker did same for gta ?
the biggest issue is each employee is a point of failure. security needs to be hardened internally, this is a great learning point for Uber.
Thanks 👍
Lol ..,, peep this .., sometimes hacking a simple employee’s data can lead to a downfall of a company. Depending who is the man in the dark
hello ,
my pc has been attacket by uyit ransomware ,plz help me
What a facepalm! Great vid as always.
Prison... Will be great
Without a key board
it's always a Teenager😂
low class hacking an uber driver!
"Welco-"
I can’t even.
*hacked
Make longer videos mark
I wouldn’t complain about that, but that sounds a bit demanding haha
@@shaneofgames3825 Love is demanding. Big Fan of this guy.
I had uber rides that I got 100% of what the passenger paid I wonder if that was part of the hack
thanks ya
Access control !!!!!
I am not sure I would call the attacker a "hacker" but I guess that is down to how you define a hacker
While I understand your sentiment, SE is definitely hacking, but rather than exploiting a computer bug you're exploiting a human error
@@brettsmith6298 My problem is that these days everything is hacking and everybody is a hacker and for me that renders the terms hacker and hacking useless and valueless and in reality describes nothing. In which case we might as well not use it
Good video. This was clear to understand.
Amazing
This is funny i love it, hacking things is just to easy these days lmao, especialy with social engeering
Great
It seems so unbelievable that a major company has done so much mistakes in their CS posture, maybe it's just a canary token that got triggered?! 😉
goat
Senpai
And Russia can't win a war this teenager need to work for Ukraine
Sir wants help from you about ethical hacking ... Free way to learn ethical hacking... We can't afford a ProTV, hack the box, try hack me, CTF like this paid method .... Sir please make a video for a free road map of ethical hacking... Lots of people quit because of a money problem... Sir please sir you can understand what I am saying...
wannacry hero, jonathan data.
I wanna know who's spending 410k a year on T&E at uber lol
Telegram the new dark web lmao
1:03 I love the TryHackMe reference my dude xD
Can you please sync your channel to Odysee ❤
Would love to do a team-up on cyber news @Marcus
Uber rockstar take 2 and 2k all by the same 16 year old
Woohoo! 1st 😂😂
My guy i like your videos, but youre so soft spoken. I know its genuinely hard to hit the perfect loudness/calm voice ratio and all but this is definitely an area you can improve upon
Stop it! You are being greedy. Accept him as he is!!!
I see the soft voice as a plus not a minus at all
I think it's perfect as I find it calming
So UBER EMPLOYEE login via onelogin??
hello im uber employee please send me your crenditals plz
Probably the 18-year-old did too much "hack the box" and "tryhackme".