UBER on Thursday said that it was investigating a “cybersecurity incident” after a report that a teenage hacker had breached its internal systems.
A tech whizz who says they’re just 18 years old claimed responsibility for the attack. It is unclear whether customer data was compromised.
1
Uber had to shut several internal communications and engineering systems in order to contain the breach.
A hacker compromised an employee’s workplace messaging app Slack and used it to send a message to Uber employees.
In the message, they announced that the company had suffered a data breach, according to a New York Times report on Thursday that cited an Uber spokesperson.
The hacker is said to have mocked Uber employees and sent obscene photos of male genitalia on Slack.
It appeared that they were later able to gain access to other internal systems.
According to The Register, those included the company’s HackerOne bug bounty account, where it documents vulnerabilities in Uber’s software that can be exploited by hackers.
If details of unpatched flaws were to be published online, it would leave the app severely exposed to hackers.
The food and ride-hailing service said Friday: “We are currently responding to a cybersecurity incident.
“We are in touch with law enforcement and will post additional updates here as they become available.”
The Slack system was taken offline on Thursday afternoon by Uber after employees received the message from the hacker, who claimed to be 18 years old, according to the Times report.
“I announce I am a hacker and Uber has suffered a data breach,” the message read, and went on to list several internal databases that were claimed to be compromised, the report added.
A person, claiming responsibility for the hack, told the paper that he had sent a text message to an Uber employee claiming to be a corporate IT person.
The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, the report said.
Slack said in a statement to Reuters that the company was investigating the incident and that there was no evidence of a vulnerability inherent to its platform.
“Uber is a valued customer, and we are here to help them if they need us,” Slack, which is owned by Salesforce Inc , said in the statement.
Uber employees were instructed to not use Slack, according to the report. Other internal systems, too, were inaccessible.
The full scope of the breach remains unclear.
Sam Curry, security engineer at Yuga Labs, who claims to have corresponded with the hacker, said it appeared the person responsible had total access to Uber’s internal systems.
“The attacker is claiming to have completely compromised Uber, showing screenshots where they’re full admin on AWS and GCP,” Curry wrote in a tweet.
He added: “This is a total compromise from what it looks like.”
It’s not the first time that Uber has been hit by a data breach.
In 2016, its databases were compromised by cyber crooks in a massive breach that Uber reportedly tried to cover up.
That fiasco led to the personal information of 57million passengers and drivers leaked online.
If the latest data breach has compromised customer data, they could be vulnerable to phishing attacks.
These are phone calls, text messages or emails that use your personal information to trick you into handing over online credentials or banking logins.
Brian Higgins, Security Specialist at Comparitech, said: “Uber users will be particularly vulnerable to Phishing activities from a wide variety of criminal sources and should never, under any circumstances, give out personal information about themselves, their Uber accounts or other financial details.
“Change your passwords, keep an eye on the news and initiate any and all contact with Uber yourself if you absolutely need to.
“Whoever contacts you about this incident directly in the coming weeks and months it will certainly not be Uber.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
