Ride-hailing giant Uber is investigating a cybersecurity breach by a hacker who claims to have stolen sensitive data from the company’s internal systems.
The New York Times first reported the incident, explaining that Uber took several of its internal communication systems, including Slack and engineering systems, offline to investigate the scope of the attack.
A source told the publication Uber employees received a Slack message Thursday from an unknown sender, saying they were a hacker and “Uber has suffered a data breach.”
The person provided a number of internal databases that they claimed to have hacked.
They appear to have compromised an employee’s Slack app and used it to relay the message to other employees. Uber decided to take the Slack system completely offline in response, the report said.
The attacker was apparently able to use their Slack access to reach other internal company systems, according to an explicit image posted to an internal employee information page.
The person sent screenshots from emails, cloud storage, and code repositories to both The New York Times and cybersecurity researchers.
The person said they texted an Uber employee pretending to be a member of the company’s IT department. They were able to convince the employee to provide a password that would give them access to Uber’s systems.
Jake Moore, global cyber consultant at ESET, said the allegation “highlights once again the importance of training employees to stay alert and be able to identify and verify targeted phishing attempts, before handing out any credentials.”
Deryck Mitchelson, Field CISO at Check Point, said, “There are solutions that can actively protect against sophisticated phishing techniques like this, but it’s also absolutely critical that organizations take the time to educate their employees about the threat.”
The hacker claims to be 18 and said the company’s lax security measures were the reason they were able to access Uber’s servers. They also advocated higher compensation for Uber drivers in the Slack message.
Sam Curry, a security engineer at Yuga Labs who spoke with the hacker, said they had “pretty much full access to Uber.”
“As it stands, it’s a total compromise.”
BleepingComputer says it contacted the attacker and saw screenshots showing access to Uber’s IT systems, including the company’s security software and Windows domain.
The screenshots also indicate that the hacker has access to the Google Workspace email admin dashboard, VMware ESXi virtual machines, the AWS console and the Slack server.
An Uber spokesman said the company is investigating the incident and is in contact with law enforcement.
We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post further updates here as they become available.
— Uber Comms (@Uber_Comms) 09/16/2022
This isn’t the first time Uber has been hit by a data breach.
The company came under fire for failing to properly report a data breach in 2016 that affected 57 million passengers and drivers. Uber eventually paid the hackers $100,000 to cover up the breach, which was not disclosed until the second half of 2017.
US federal prosecutors have meanwhile charged the company’s former security officer, Joe Sullivan, with attempting to cover up the incident.
They state that he “has instructed his team to strictly control knowledge of the 2016 breach.” Sullivan has denied the allegations against him.