Uber hacked by hacker in cybersecurity incident

SAN FRANCISCO — Uber’s computer systems were hacked and the company alerted authorities, the ride-sharing giant said Thursday.

The ride-sharing company said in a tweet that it was “responding to a cybersecurity incident.”

The hacker surfaced in a message posted to Slack, according to two people familiar with the matter, who spoke on condition of anonymity due to the sensitive nature of the incident.

“I am announcing that I am a hacker and that uber has suffered a data breach,” the post read.

It was followed by a flurry of reaction emoji, including several dozen showing what appeared to be mermaid symbols. Because of the hack, the people said, some systems, including Slack and internal tools, were temporarily disabled.

Internal screenshots obtained by The Washington Post showed the hacker claiming to have broad access to Uber’s corporate networks and appeared to indicate the hacker was motivated by the company’s treatment of its drivers. The person claimed to have taken data from common software used by Uber employees to write new programs.

Uber underlined its tweeted statement when asked to comment on the matter. The company did not immediately respond to questions about the extent to which inside information might have been compromised.

Uber waits a year to report massive customer data breach

The New York Times first reported The Incident.

Uber already suffered an offense in 2016 which revealed the personal details of 57 million people worldwide, including names, email addresses and phone numbers. It also included driver’s license information for approximately 600,000 US drivers. Two people entered the information through “a third-party cloud service” used by Uber at the time.

Uber, which is based in San Francisco, employs thousands of people worldwide who may have been affected by the hacker’s obstruction of systems. The company has also been criticized for its treatment of drivers, whom it has fought to keep as contractors.

The hacker posted as Uber on a chat feature on HackerOne, which handles interference between researchers reporting security vulnerabilities and companies affected by them. Uber and other companies use this service to manage reports of security vulnerabilities in its programs and to reward researchers who find them.

In that conversation, which was seen by The Post, the alleged hacker claimed access to Uber’s Amazon Web Services account.

What to do if you are hacked

AWS did not immediately respond to a request for comment. (Amazon founder Jeff Bezos owns The Post.)

In a later interview on a messaging app, the suspected hacker told The Post he breached the company for fun and could leak the source code “in a few months.”

The person described Uber’s security as “awful”.

Peiter “Mudge” Zatko’s journey from hacker to Twitter whistleblower

Uber employees were caught off guard by the sudden disruption to their workday, and some initially reacted to the alarming messages as if it were a joke, according to screenshots.

The hacker’s disturbing posts prompted reactions apparently depicting the SpongeBob character Mr. Krabs, the popular “It’s Happening” GIF, and questions about whether the situation was a prank.

“Sorry to be a stick in the mud, but I think IT would appreciate less memes while they deal with the breach,” said a message seen by The Post.

Leave a Comment