Unless you were off planet or on a remote uninhabited island mid Pacific with no Internet access, it would have been hard to miss the Uber hack which was disclosed in September. An obvious question that came to everyone’s mind is “what exactly went wrong with Uber?” and “What could they have done better to prevent this breach from happening?”. If you are also curious about this and searching for the answer to these questions, then this blog post gives you good insight into what went wrong and the aftermath of the attack.
In this blog post, we will break down the Uber security breach into “what” and “how”. Then we will try to address some measures which Uber could have taken to prevent this breach from happening ending with a summary of important lessons learnt from this incident.
This article has referred to multiple Internet sources to build a timeline of the execution of the breach and predominantly covers the technical aspects of what (potentially) happened.
On 15th September 2022, Uber made an official announcement acknowledging the security breach. Soon enough Twitter users started tweeting about this. Some users even started tweeting about this even before the official announcement was made from the company side. The hacker after getting access to Uber’s AWS, **Slack **and **SentinelOne **accounts started posting insider information and screenshots of evidence to announce the hack.
