Uber was hacked

Uber was hacked this past Thursday and a successful social engineering tactic (aka psychological manipulation) was to blame.

If you’re thinking “it can’t happen to me,” you’re probably wrong. The 18-year old Uber attacker tricked an employee by repeatedly sending them multifactor authentication (MFA) login notifications for an hour and then messaging them on WhatsApp pretending to be an Uber IT person. The attacker asserted that the MFA notifications would stop once the login was approved, and it worked.

With just one employee’s information, the hacker gained access to Uber’s cloud infrastructure and OneLogin, an identity and access management service. The attack was a classic case of phishing, a social engineering tactic that utilizes fake emails and text messages to trick users into revealing their personal information. Employees are usually the biggest target, and Uber was the latest victim.

The truth is, no matter how protected you think you are, there’s always room to learn new ways to protect yourself and your company. Hackers are getting smarter and even the most “secure” techniques (like MFA) can’t guarantee that you’re immune from a cyberattack. Less than a month ago, hackers used similar employee-targeted phishing tactics to breach Twilio and DoorDash’s systems too.

Besides not clicking on suspicious links and giving out your personal information to people posing as your company’s IT professionals, there are a few more ways to protect yourself from cyberattacks.

If you’re a maker, we recently covered the security benefits of penetration testing here. Albert, a cybersecurity program for Slack, and TypingDNA ActiveLock (an authentication app backed by Google’s AI-focused fund) could also help. The latter functions by using biometrics-based security to continuously authenticate users based on the way they type. In the first 1-2 days of use, ActiveLock runs in “training mode” to learn your typing pattern. From then on, the app runs in “active” mode and blocks unauthorized users. If an unordinary typing pattern is detected, all devices are locked.

For individuals, a VPN and the CrowdSec Console, a security tool that monitors cyber threats on your online services could help.

• Feeling lonely? Buddio Walk finds a remote buddy for your daily walk.

• Wordplay uses AI to help you generate SEO-optimized long-form content.

• Get inspiration from UI Design, a free design resource with Figma and Adobe compatibility.

• Next Cohort is a directory of more than 750 cohort-based courses.

Typed launched today and helps teams work more collaboratively.

It uses existing Google Suite UI, but with added features like the ability to write, research, and view tasks all on one page. The knowledge network tool also allows teammates to see a visual mindmap of how all the documents in a project relate to each other.