Uber confirmed it’s coping with a “cybersecurity incident” after a teenage hacker reportedly breached the ride-sharing big’s inner techniques and started taunting employees with specific messages and pictures.
The hacker who took duty reportedly claims to be simply 18 years outdated, and gained entry to the ride-sharing big’s inner networks by pretending to be an IT employee and asking for an unnamed Uber worker’s password.
The alleged hacker disclosed the info breach in messages to the New York Times and cybersecurity researchers, the outlet reported. Uber workers discovered that techniques have been compromised after the hacker posted a brazen message on the corporate’s Slack messaging platform.
“I announce I’m a hacker and Uber has suffered a knowledge breach,” the message mentioned. The hacker additionally reportedly posted that Uber drivers ought to be “higher compensated for his or her work.”
The hacker appeared to have gained full management of Uber’s techniques, safety engineer Sam Curry of Yuga Labs informed the New York Instances.
“They stunning a lot have full entry to Uber,” Curry mentioned. “It is a whole compromise, from what it appears to be like like.”
The hacker purportedly taunted Uber workers by sharing on firm platforms. One worker told Fortune that the hacker posted a photograph of an erect penis and the message “F— YOU DUMB WANKERS.”
The hacker informed the New York Instances that he determined to breach Uber’s techniques as a result of the corporate has weak cybersecurity measures in place.
Uber was compelled to take a number of of its inner platforms offline after studying of the in depth information breach.
“We’re at the moment responding to a cybersecurity incident,” Uber mentioned in an announcement. “We’re in contact with regulation enforcement and can put up extra updates right here as they turn into out there.”
The alleged hacker posted screenshots presupposed to be from Uber’s inner techniques to Telegram and the photographs unfold shortly to Twitter.
The screenshots included photographs of an Amazon Internet Providers web page, a HackerOne cybersecurity platform, the dashboard for Uber’s Slack account and what gave the impression to be a web page displaying monetary data, amongst others.
Uber CEO Dara Khosrowshahi had no remark. When requested by The Publish for additional touch upon the state of affairs, an Uber spokesperson pointed to the corporate’s brief assertion on Twitter.
Kevin Reed, the chief data safety officer at Acronis, mentioned the hacker possible discovered “excessive privileged credentials laying on a community file share and used them to entry every part.”
“What’s worse is if you happen to had your information in Uber, there’s excessive likelihood so many individuals have entry to it. Say, in the event that they know your e mail, they could then know the place do you reside,” Reed wrote on LinkedIn.
“This explicit attacker might not have exfiltrated the info, however there is no such thing as a approach of realizing it and the entire story makes me considering Uber was compromised by different, much less loud events.”