International Journal of Computer Engineering and Technology (IJCET)
Volume 15, Issue 4, July-Aug 2024, pp. 715-720, Article ID: IJCET_15_04_062
Available online at https://iaeme.com/Home/issue/IJCET?Volume=15&Issue=3
ISSN Print: 0976-6367 and ISSN Online: 0976-6375
Impact Factor (2024): 18.59 (Based on Google Scholar Citation)
DOI: https://doi.org/10.5281/zenodo.13368425
© IAEME Publication

DISSECTING THE UBER SECURITY BREACH: ROOT CAUSE ANALYSIS AND MITIGATION STRATEGIES

Ujjwal Sharma
Cyber Security Architect, Production Technology, SLB

Samruddhi Mangesh Kalekar
Technical Business Analyst, SAP, SLB

ABSTRACT

On Thursday, September 15th, 2022, Uber, an American multinational ride-share company, confirmed reports of an organization-wide cybersecurity breach. This article examines how an (allegedly) 18-year-old attacker could hack the ridesharing giant's IT infrastructure, acquire access to user data, and access vulnerabilities reported to Uber's HackerOne account. It is important to note that no single technology solution could have prevented this breach, nor was any single person, company, or provider to blame. Building on CyberArk Red Team and Labs' analysis, let's delve deeper into the Uber hack, particularly the hard-coded credentials that were reportedly used to gain administrative access. This incident underscores the criticality of stacked defenses, showing how they can effectively collaborate to thwart related attacks. This should instill confidence in our ability to mitigate such breaches in the future, knowing that we have a robust system in place.

Keywords: Uber, Social Engineering, PAM, Hardcoded Credentials, Data Exfiltration

Cite this Article: Ujjwal Sharma and Samruddhi Mangesh Kalekar, Dissecting the Uber Security Breach: Root Cause Analysis and Mitigation Strategies, International Journal of Computer Engineering and Technology (IJCET), 15(4), 2024, pp. 715-720.
https://iaeme.com/MasterAdmin/Journal_uploads/IJCET/VOLUME_15_ISSUE_4/IJCET_15_04_062.pdf