
Here’s exactly how the Uber breach would have been prevented by Soteri


Once attackers breach a network security perimeter, what do you think they’re going to do first? Well, here is an attacker’s own account of his successful Uber breach:


Let’s recap: the attacker gained access to a PowerShell script which contained a username and password for an administrator account for the privileged access management (PAM) service Thycotic, with which he was able to extract more secrets from other highly critical services. We’ve said this before, but privilege escalation is a very common attack vector after a perimeter breach like this, and storing credentials where they shouldn’t be is an all-too-common mistake, even among well-intentioned users.

If this script had been stored in a version control system like Git, as such scripts often are in software and IT teams, Soteri’s Enhanced Secret Scanning for Bitbucket would have detected and flagged the password, and with our commit hook enabled, it would never even have made it into the repository. If the contents of the network share had been scanned by Soteri’s Scanning Service, the password would have been detected there as well.
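To make the commit-hook idea concrete, here is an added example (not Soteri's product and not code from the original post) of a minimal Git pre-commit check that flags hardcoded credentials in staged PowerShell files. The rule names, the regexes and the sample script are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
import re
import subprocess
import sys

# Constructed sample: every value is a placeholder, nothing is from the incident.
SAMPLE_PS1 = r'''$username = "svc-pam-admin"
$password = "EXAMPLE-Passw0rd!"
$secure   = ConvertTo-SecureString "EXAMPLE-Passw0rd!" -AsPlainText -Force
$cred     = New-Object System.Management.Automation.PSCredential($username, $secure)
$apiKey   = $env:PAM_API_KEY                # read from the environment: not a finding
$password2 = Read-Host -AsSecureString      # prompted at run time: not a finding
'''

# Illustrative rules (assumed names); a production scanner needs many more patterns.
KEYWORDS = r"(?:password|passwd|pwd|secret|token|apikey)"
VALUE = r"""(["'])(?P<value>(?!\$)[^"'\n]+)\1"""   # quoted literal, not a $variable
RULES = [
    ("literal-credential-assignment",
     re.compile(rf"\$\w*{KEYWORDS}\w*\s*=\s*{VALUE}", re.I)),
    ("plaintext-securestring",
     re.compile(rf"ConvertTo-SecureString\s+(?:-String\s+)?{VALUE}[^\n]*-AsPlainText", re.I)),
]

def scan(text, path="<stdin>"):
    """Return (path, line number, rule name, redacted hint) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES:
            m = pattern.search(line)
            if m:
                # Never echo the full secret into hook output or CI logs.
                findings.append((path, lineno, rule, m.group("value")[:2] + "***"))
    return findings

def staged_powershell_files():
    # Added, copied or modified files in the index that look like PowerShell.
    out = subprocess.run(["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
                         capture_output=True, text=True, check=True).stdout
    return [p for p in out.splitlines() if p.lower().endswith((".ps1", ".psm1"))]

def staged_content(path):
    # Read the staged blob, not the working-tree copy.
    return subprocess.run(["git", "show", f":{path}"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    found = [f for p in staged_powershell_files() for f in scan(staged_content(p), p)]
    for path, lineno, rule, hint in found:
        print(f"{path}:{lineno}: {rule} ({hint})", file=sys.stderr)
    sys.exit(1 if found else 0)   # a non-zero exit makes Git abort the commit
```

Saved as an executable `.git/hooks/pre-commit`, the script aborts any commit whose staged PowerShell files trigger a rule; `scan(SAMPLE_PS1)` reports lines 2 and 3 of the constructed script.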

In fact, Uber’s recent breach is a textbook example of the value of secret scanning. While unfortunate, the breach is a good reminder that an ounce of prevention is worth a pound of cure. With Soteri’s scanning service and its plugins for Bitbucket and Confluence, secret scanning is fast, robust, unintrusive, and easily automated.