Uber : Hacked confirmed on Thursday that it’s responding to a cybersecurity incident after reports claimed that the company’s internal systems have been breached.
According to the New York Times, the ride-hailing giant discovered the breach on Thursday and has taken several of its international communications and engineering systems offline.
The alleged hacker, who is reportedly an 18-year-old, claimed that he has administrator access to company tools including Amazon Web Services and Google Cloud Platform.
In a Twitter post, the company confirmed that its internal systems have been compromised.
The Uber attacker hacked reportedly used social engineering to compromise an employee’s Slack account, persuading them to hand over a password that allowed them access to Uber’s systems.
The Slack message from the alleged hacker was so brazen that many Uber employees appear to have initially thought it was a joke, according to the Washington Post.
This has shut down internal Slack messaging as it investigates a cybersecurity breach by a hacker claiming to have accessed sensitive company data.
The perpetrator or perpetrators appeared to have gained access to part of Uber’s Amazon and Google-hosted cloud infrastructure, said Sam Curry, a researcher with Yuga Labs who said he had been in contact with the attacker. They also got into the “HackerOne” system, which helps Uber with a so-called bug bounty program that rewards hackers for exposing and reporting vulnerabilities.
“Pretty much everything,” Curry said when asked what got compromised. “They had access to all of HackerOne’s reports.” An Uber representative confirmed a breach had occurred but declined to elaborate.
The company, which said on Twitter it’s contacted law enforcement, froze all Slack communications while it investigates the hacker’s claims. Uber’s ride-hailing and food delivery services appeared to be operating normally across the world, the people said.
Uber has run afoul of hackers before. It paid $148 million to settle claims related to a large-scale data breach that exposed the personal information of more than 25 million of its US users in 2016. The New York Times reported the latest hack earlier on Thursday.
“HackerOne supports its customers. We’re in close contact with Uber’s security team, have locked their data down, and will continue to assist with their investigation,” Chris Evans, its chief hacking officer, said in a statement