
Uber Hacked in September 2022: How to Protect Yourself from MFA Fatigue

Published Sep 29, 2022

On September 15, 2022, Uber was hacked due to a vulnerability in their multi-factor authentication (MFA) system. This article will discuss what happened and how you can protect yourself from MFA fatigue in the future.

Uber hacker announces in Uber’s internal Slack

“I announce i am a hacker and uber has suffered a data breach,” the message said.

The extent of the breach is unclear, though I am sure it will become clear over time. The last time Uber was hacked, in 2016, the hacker obtained personal information of 57 million people as well as 600,000 of the US drivers.

The entry point of this hack appears to have been MFA fatigue.

What is MFA Fatigue?

MFA fatigue is when your multi-factor authentication app prompts you quickly and repeatedly on your mobile phone to authorize a login. This means that the hacker already has your credentials, obtained either by purchasing them on the dark web or through the hacker's own methods.

MFA fatigue can happen to anyone who uses an MFA app, such as Google Authenticator, Duo, Okta, Authy, or Microsoft Authenticator. It is important to note that this is not a weakness in the MFA protocol itself, but rather a user error, albeit one that we are all susceptible to if push notifications are turned on in the MFA app.

How to protect yourself from MFA Fatigue?

Disable MFA app push notifications. Yes, I know, it does mean you have to make one or two additional clicks to open your MFA app instead of proactively being prompted, but it is a small price to pay, especially considering all the clicking we all already do.

The surest way to disable them is to go to your mobile notification settings and ensure all authentication apps have notifications turned off.

If you are in a business setting, your IT department or IT firm “should” be applying best practices and eliminating push notifications at a company level. Hopefully your IT department or IT firm is ISO 27001 certified and proactively addressing risks, of which MFA fatigue is just one.
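For IT teams, the rapid, repeated prompting described above also leaves a recognizable trail in authentication logs. The following is an added example, not part of the original article: a sliding-window check that flags users who receive a burst of push prompts and notes whether the burst ended in an approval. The event format, the result values, the 10-minute window and the threshold of 5 are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, push result).
# The tuple layout and the result strings are assumptions, not a vendor format.
SAMPLE_EVENTS = [
    ("2022-09-15T01:00:05", "alice", "denied"),
    ("2022-09-15T01:00:50", "alice", "timeout"),
    ("2022-09-15T01:01:40", "alice", "denied"),
    ("2022-09-15T01:02:30", "alice", "denied"),
    ("2022-09-15T01:03:10", "alice", "timeout"),
    ("2022-09-15T01:04:00", "alice", "approved"),  # gives in after the burst
    ("2022-09-15T09:00:00", "bob", "approved"),    # ordinary logins, hours apart
    ("2022-09-15T14:30:00", "bob", "approved"),
    ("2022-09-15T03:00:00", "carol", "denied"),
    ("2022-09-15T03:01:00", "carol", "denied"),
    ("2022-09-15T03:02:00", "carol", "denied"),
    ("2022-09-15T03:03:00", "carol", "denied"),
    ("2022-09-15T03:04:00", "carol", "denied"),    # burst, but never approved
]

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Return one alert per user who got >= threshold push prompts within window.

    approved_during_burst marks the urgent case: the user accepted a prompt
    while the burst was in progress, so sessions should be revoked and the
    password reset. A burst without approval still means the password is known.
    """
    recent = defaultdict(deque)  # user -> prompt timestamps inside the window
    alerts = {}
    for ts_text, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        prompts = recent[user]
        prompts.append(ts)
        while ts - prompts[0] > window:   # drop prompts older than the window
            prompts.popleft()
        if len(prompts) >= threshold:
            alert = alerts.setdefault(user, {
                "user": user, "first_prompt": prompts[0],
                "prompts": 0, "approved_during_burst": False})
            alert["prompts"] = max(alert["prompts"], len(prompts))
            if result == "approved":
                alert["approved_during_burst"] = True
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

Tune the window and threshold against your own baseline of normal prompt volume before alerting on it.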

Though the Uber hack is unfortunate, having such a public company be visibly hacked serves as a lesson that the rest of us can apply to prevent being hacked ourselves.
