Transportation giant Uber was hacked Thursday, forcing the company to take many of its systems offline.
The hacker, who claims to be an 18-year-old showing off his cybersecurity abilities, sent images of Uber’s emails, code and cloud storage to The New York Times and cybersecurity researchers, the Times reported.
The hacker reportedly managed to access nearly all of Uber’s internal systems and security.
“They pretty much have full access to Uber. This is a total compromise, from what it looks like,” Sam Curry, who is a security engineer at Yuga Labs and has contacted the hacker claiming responsibility, told the Times.
This is not the first time Uber has been compromised.
In 2016, a hacker stole the data and information of 57 million driver and rider accounts and then demanded $100,000 from Uber before they agreed to delete the stolen data.
Uber paid the money and kept it a secret for over a year, landing them in hot water with the U.S. Federal Trade Commission, Reuters and other news outlets reported.
Uber is working with police to investigate the latest breach.
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” the company’s PR team tweeted.
— Uber Comms (@Uber_Comms) September 16, 2022
Employees were told to stop using Slack, the company’s messaging system.
Two anonymous employees told the Times that they also found that other internal systems of the company were inaccessible.
The hacker used Slack to contact Uber employees Thursday afternoon to notify them of the system breach. The message ended with the hashtag “#uberunderpaisdrives,” an apparent reference to the low pay drivers receive.
“I announce I am a hacker and Uber has suffered a data breach,” the message read.
The hacker said that he broke into Uber’s systems simply because the security was weak.
“The person who claimed responsibility for the hack told The New York Times that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering,” the Times reported.
This kind of hack has also happened before to other big tech companies.
Rachel Tobac, the chief executive of SocialProof Security, spoke to the Times and pointed back to the 2020 hack of Twitter, which was orchestrated by several teenagers who used social engineering (much like the Uber hacker apparently did) to access the social media platform’s systems.
“These types of social engineering attacks to gain a foothold within tech companies have been increasing,” Tobac said.
Microsoft and Okta have also experienced similar hacks, the Times reported.
Curry also said that this Uber hack looks like it was carried out by a teen.
“It seems like maybe they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life,” Curry said.
With this new hack, Uber faces the possibility of millions of drivers’ and riders’ private information being compromised, according to Forbes senior contributor Davey Winder, a veteran technology journalist.
Jake Moore, a global cybersecurity advisor at the software company ESET, told Winder that Uber has likely had a good deal of its data leaked through this new hack.
“This attack has left Uber with a significant amount of data leaked with the potential of including customer and driver’s personal data,” Moore said.
“This is seemingly the work of a clever socially engineered attack. Gaining entry to private data inside VPNs needs to be difficult and behind strict protections. This leaves Uber with a lot of questions about how much data was compromised via such an easy method,” he added.