Uber investigating ‘cybersecurity incident’ after breach reported

Uber Technologies Inc has said it was investigating a cybersecurity incident after its network was apparently breached and the transport provider had to shut down several internal communications and engineering systems.

A hacker compromised an employee’s workplace messaging app Slack and used it to send a message to Uber employees announcing the company had suffered a data breach, according to a New York Times newspaper report on Thursday that cited an Uber spokesperson.

It appeared the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees, the report added.

“We are in touch with law enforcement and will post additional updates here as they become available,” Uber said in a tweet, without providing further details.

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.

— Uber Comms (@Uber_Comms) September 16, 2022

‘Lock down everything’

“It seems like they’ve compromised a lot of stuff,” said Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That includes complete access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.

Curry said he spoke to several Uber employees who said they were “working to lock down everything internally” to restrict the hacker’s access.

The Slack system was taken offline by Uber after employees received the message from the hacker, according to the Times report, citing two employees who were not authorised to speak publicly.

“I announce I am a hacker and Uber has suffered a data breach,” the message read, and went on to list several internal databases claimed to be compromised, it added.

A person, claiming responsibility for the hack, told the newspaper he had sent a text message to an Uber employee claiming to be a corporate IT person.

The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, it said.

Slack said in a statement to the Reuters news agency the company was investigating the incident and there was no evidence of a vulnerability inherent to its platform. “Uber is a valued customer, and we are here to help them if they need us,” said Slack, which is owned by Salesforce Inc.

Uber employees were instructed to not use Slack, according to the report. Other internal systems, too, were inaccessible.

No real damage

Curry said there was no indication the hacker had done any damage or was interested in anything more than publicity. There was also no indication that Uber’s fleet of vehicles or its operation was in any way affected.

“My gut feeling is that it seems like they are out to get as much attention as possible,” said Curry.

The hacker alerted Curry and other security researchers to the intrusion by using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network through its bug-bounty programme, which pays ethical hackers to ferret out network weaknesses.

The hacker provided a Telegram account address and Curry and other researchers then engaged them in a separate conversation, sharing screenshots of various pages from Uber’s cloud providers to prove they broke in.

The Times said the hacker reported being 18 years old and said they broke in because the company had weak security.

The company has been hacked before.

Its former head of security Joseph Sullivan is currently on trial on allegations he arranged to pay hackers $100,000 to cover up a 2016 high-tech heist in which the personal information of about 57 million customers and drivers was stolen.