A detailed case study of the September 2022 Uber breach, in which a 17-year-old attacker bought stolen credentials on the dark web, bypassed MFA through a push-notification fatigue attack combined with social engineering, then discovered plaintext PAM (privileged access management) credentials on a network file share. Those credentials gave admin-level access to AWS, Google Workspace, Slack, VMware vSphere, and Uber's bug bounty reports. The analysis traces each kill-chain phase, identifies the security controls that were missing (threat intelligence monitoring of leaked credentials, risk-based authentication, credential vaulting, network segmentation, and granular monitoring), and argues that a Zero Trust Architecture with defense in depth could have contained the breach at the initial access stage. Despite the full system compromise, the attacker caused minimal damage, apparently motivated by recognition rather than financial gain.
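The summary above names "granular monitoring" and "risk-based authentication" as missing controls, and an MFA fatigue attack as the bypass. The detection below is an added example, not code from the case study or from Uber: it runs a simple fatigue detector over a few constructed authentication log lines. The log format, field names (user, event, ip), the event names, and the window and threshold values are all assumptions chosen for the example; a real IdP's push events will look different and the numbers should be tuned to the environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real Uber or IdP data). Assumed line format:
#   <ISO8601 UTC timestamp> user=<name> event=<push_sent|push_denied|push_timeout|push_approved> ip=<addr>
# contractor01: six rejected pushes in a few minutes, then an approval (fatigue that succeeded)
# alice:        one mis-tap followed by an approval (normal behaviour, must not alert)
# bob:          five unanswered pushes, no approval (fatigue attempt in progress)
SAMPLE_LOG = """\
2022-09-15T22:01:03Z user=contractor01 event=push_sent ip=203.0.113.7
2022-09-15T22:01:20Z user=contractor01 event=push_denied ip=203.0.113.7
2022-09-15T22:02:05Z user=contractor01 event=push_sent ip=203.0.113.7
2022-09-15T22:02:18Z user=contractor01 event=push_denied ip=203.0.113.7
2022-09-15T22:03:10Z user=contractor01 event=push_sent ip=203.0.113.7
2022-09-15T22:03:40Z user=contractor01 event=push_timeout ip=203.0.113.7
2022-09-15T22:04:15Z user=contractor01 event=push_sent ip=203.0.113.7
2022-09-15T22:04:30Z user=contractor01 event=push_denied ip=203.0.113.7
2022-09-15T22:05:02Z user=contractor01 event=push_sent ip=203.0.113.7
2022-09-15T22:05:25Z user=contractor01 event=push_denied ip=203.0.113.7
2022-09-15T22:06:10Z user=contractor01 event=push_sent ip=203.0.113.7
2022-09-15T22:06:33Z user=contractor01 event=push_denied ip=203.0.113.7
2022-09-15T22:09:50Z user=contractor01 event=push_sent ip=203.0.113.7
2022-09-15T22:10:05Z user=contractor01 event=push_approved ip=203.0.113.7
2022-09-15T22:15:00Z user=alice event=push_sent ip=198.51.100.20
2022-09-15T22:15:10Z user=alice event=push_denied ip=198.51.100.20
2022-09-15T22:15:30Z user=alice event=push_sent ip=198.51.100.20
2022-09-15T22:15:40Z user=alice event=push_approved ip=198.51.100.20
2022-09-15T23:00:00Z user=bob event=push_sent ip=203.0.113.9
2022-09-15T23:00:40Z user=bob event=push_timeout ip=203.0.113.9
2022-09-15T23:01:40Z user=bob event=push_timeout ip=203.0.113.9
2022-09-15T23:02:40Z user=bob event=push_timeout ip=203.0.113.9
2022-09-15T23:03:40Z user=bob event=push_timeout ip=203.0.113.9
2022-09-15T23:04:40Z user=bob event=push_timeout ip=203.0.113.9
"""

# A push the user did not approve, whether explicitly denied or left to expire.
REJECTED = {"push_denied", "push_timeout"}


def parse_line(line):
    """Split one assumed-format log line into (timestamp, user, event, ip)."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return ts, fields["user"], fields["event"], fields["ip"]


def detect_mfa_fatigue(log_text, window=timedelta(minutes=10), threshold=5):
    """Sliding-window detector for MFA push fatigue.

    Per user, keep the timestamps of rejected pushes inside `window`.
    - When the count first reaches `threshold`, emit a fatigue_attempt finding
      (someone is hammering the user with prompts; lock the factor / page the SOC).
    - When an approval arrives while the count is still >= threshold, emit a
      fatigue_success finding (the user finally accepted; treat the session as suspect).
    Returns findings in log order.
    """
    recent = defaultdict(deque)  # user -> deque of rejected-push timestamps
    findings = []
    for line in log_text.strip().splitlines():
        ts, user, event, ip = parse_line(line)
        q = recent[user]
        while q and ts - q[0] > window:  # drop rejections older than the window
            q.popleft()
        if event in REJECTED:
            q.append(ts)
            if len(q) == threshold:  # fires once per streak, at the moment it crosses
                findings.append({"kind": "fatigue_attempt", "user": user, "ip": ip,
                                 "rejected": len(q), "at": ts})
        elif event == "push_approved" and len(q) >= threshold:
            findings.append({"kind": "fatigue_success", "user": user, "ip": ip,
                             "rejected": len(q), "at": ts})
            q.clear()  # streak resolved; start counting fresh
        # push_sent lines are ignored: only the user's response carries signal
    return findings


if __name__ == "__main__":
    for f in detect_mfa_fatigue(SAMPLE_LOG):
        print(f"{f['at']:%H:%M:%S} {f['kind']:16} user={f['user']} ip={f['ip']} rejected={f['rejected']}")
```

The attempt finding is the one that matters for containment: at that point the IdP can stop sending pushes to that user and require a phishing-resistant factor or a helpdesk call-back, which is what risk-based authentication means in practice. The success finding is the after-the-fact signal for the SOC to invalidate the session before the attacker moves on to the internal network where, in this case, the PAM credentials were sitting on a share.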