Uber Hacked in September 2022: How to Protect Yourself from MFA Fatigue

Published Sep 29, 2022

On September 15, 2022, Uber was hacked due to a vulnerability in their multi-factor authentication (MFA) system. This article will discuss what happened and how you can protect yourself from MFA fatigue in the future.

Uber hacker announces in Uber’s internal Slack

“I announce i am a hacker and uber has suffered a data breach,” the message said.

The extent of the breach is unclear, though I am sure it will become clear over time. The last time Uber was hacked, in 2016, the hacker obtained the personal information of 57 million people, as well as 600,000 of the US drivers.

The entry point of this hack appears to have been MFA fatigue.

What is MFA Fatigue?

MFA fatigue is when your multi-factor authentication app prompts you quickly and repeatedly on your mobile phone to authorize a login. This does mean that the hacker already has your credentials, obtained either by purchasing them on the dark web or through the hacker's own methods.

MFA fatigue can happen to anyone who uses an MFA app, such as Google Authenticator, Duo, Okta, Authy, or Microsoft Authenticator. It is important to note that this is not a weakness in the MFA protocol itself, but rather a user error, albeit one that we are all susceptible to if push notifications are turned on in our MFA app.

How to protect yourself from MFA Fatigue?

Disable MFA app push notifications. Yes, I know, it does mean you have to make one or two additional clicks to open your MFA app instead of proactively being prompted, but it is a small price to pay, especially considering all the clicking we all already do.

The surest way to disable them is to go to your mobile notification settings and ensure all authentication apps have notifications turned off.

If you are in a business setting, your IT department or IT firm “should” be applying best practices and eliminating push notifications at a company level. Hopefully your IT department or IT firm is ISO 27001 certified and proactively addressing risks, of which MFA fatigue is just one.

Though the Uber hack is unfortunate, having such a public company be visibly hacked serves as a lesson that the rest of us can apply to prevent being hacked ourselves.
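As an added example (not from the original article), here is one way an IT team could spot the repeated-prompt pattern described above in its MFA logs. The log format, event names, user names, window and threshold are assumptions constructed for illustration, not any vendor's real schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "time user result" format.
SAMPLE_LOG = """\
2024-01-10T01:00:05 alice push_denied
2024-01-10T01:00:40 alice push_timeout
2024-01-10T01:01:10 alice push_denied
2024-01-10T01:01:55 alice push_denied
2024-01-10T01:02:30 alice push_timeout
2024-01-10T01:03:05 alice push_denied
2024-01-10T01:03:50 alice push_approved
2024-01-10T09:00:00 bob push_denied
2024-01-10T09:00:30 bob push_approved
2024-01-10T10:00:00 carol push_denied
2024-01-10T12:00:00 carol push_denied
2024-01-10T14:00:00 carol push_timeout
2024-01-10T16:00:00 carol push_denied
2024-01-10T18:00:00 carol push_denied
"""

def parse(log):
    """Turn log text into time-ordered (timestamp, user, result) tuples."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(ts), user, res) for ts, user, res in rows)

def find_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users with `threshold`+ unapproved pushes inside `window`,
    and note whether an approval arrived while the burst was still active."""
    recent = defaultdict(deque)  # user -> times of recent unapproved prompts
    findings = {}
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("push_denied", "push_timeout"):
            q.append(ts)
            if len(q) >= threshold:
                f = findings.setdefault(user, {"prompts": 0, "approved_after_burst": False})
                f["prompts"] = max(f["prompts"], len(q))
        elif result == "push_approved":
            if len(q) >= threshold:  # approval right after a burst: investigate
                findings[user]["approved_after_burst"] = True
            q.clear()
    return findings

if __name__ == "__main__":
    print(find_push_fatigue(parse(SAMPLE_LOG)))
```

A burst that ends in an approval is the case to investigate first, since it suggests the user gave in; a single denial followed by an approval, or denials spread over hours, is not flagged.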
