Uber Inc. is looking into a cybersecurity incident in which a hacker claimed to have broken into its internal network and taken down multiple engineering and communications systems. The incident, which was initially mentioned on social media, affected Uber’s internal Slack messaging, which was shut down following a cybersecurity attack that compromised the company’s data.
According to reports, Uber employees got a Slack message on Thursday from someone claiming to be a hacker. The attacker also demanded that the corporation raise the compensation of its drivers.
“I announce I am a hacker and Uber has suffered a data breach,” the message read.
Uber’s internal communication system is Slack.
After gaining access to one of the company’s Slack accounts, the hacker was able to penetrate Uber’s internal databases, after which they put an explicit photo on the company’s internal information page for its employees.
The unidentified hacker claims to have taken Uber’s confidential data and to have shared photos of cloud storage, email, and code repositories with cybersecurity specialists. According to Yuga Labs security engineer Sam Curry, the hacker appears to have acquired complete access to Uber’s internal computer systems and committed a “total compromise.”
According to a New York Times reporter, the hacker claims to be 18 years old and that he hacked the Uber servers because “they had insufficient security.” He further alleges that this was accomplished through social engineering an Uber employee to gain login information.
Meanwhile, Uber has directed its staff not to use Slack, and its other internal services are also unavailable. Curry also provided a note that appeared to be from an Uber employee, confirming the incident unofficially.
Additional screenshots leaked by the threat actor show they allegedly have access to Uber’s AWS instance, vSphere, Google workplace, HackerOne administration panel, and several other platforms used by the San Francisco, California-based ride-hailing giant, according to malware analysis platform vx-underground on Twitter.
According to The New York Times, the hacker into Uber’s communication system using social engineering techniques. He pretended to be a corporate information technology professional and sent a text message to an Uber employee, convincing them to hand over their Slack password.
After that, it was rather simple to gain access to Uber’s systems. The hacker claims to be eighteen years old and claims that he was able to penetrate the ride-hailing company’s systems due to lax security.
Latha Maripuri, Uber’s top information security officer, said that there is no particular timetable for when its services would be fully restored.
Follow The420.in on