Uber confirmed it’s coping with a “cybersecurity incident” after a teenage hacker reportedly breached the ride-sharing large’s inside techniques and commenced taunting staff with specific messages and pictures.
The hacker who took duty reportedly claims to be simply 18 years outdated, and gained entry to the ride-sharing large’s inside networks by pretending to be an IT employee and asking for an unnamed Uber worker’s password.
The alleged hacker disclosed the information breach in messages to the New York Times and cybersecurity researchers, the outlet reported. Uber workers discovered that techniques had been compromised after the hacker posted a brazen message on the corporate’s Slack messaging platform.
“I announce I’m a hacker and Uber has suffered a knowledge breach,” the message stated. The hacker additionally reportedly posted that Uber drivers needs to be higher compensated for his or her work.”
The hacker appeared to have gained full management of Uber’s techniques, safety engineer Sam Curry of Yuga Labs instructed the New York Occasions.
“They stunning a lot have full entry to Uber,” Curry stated. “This can be a complete compromise, from what it seems to be like.”
The hacker purportedly taunted Uber workers by sharing on firm platforms. One worker told Fortune that the hacker posted a photograph of an erect penis and the message “F— YOU DUMB WANKERS.”
The hacker instructed The New York Occasions that he determined to breach Uber’s techniques as a result of the corporate has weak cybersecurity measures in place.
Uber was compelled to take a number of of its inside platforms on-line after studying of the in depth information breach.
“We’re presently responding to a cybersecurity incident,” Uber stated in a press release. “We’re in contact with regulation enforcement and can publish further updates right here as they develop into accessible.”
The alleged hacker posted screenshots presupposed to be from Uber’s inside techniques to Telegram and the pictures unfold shortly to Twitter.
The screenshots included pictures of an Amazon Net Companies web page, a HackerOne cybersecurity platform, the dashboard for Uber’s slack account and what gave the impression to be web page displaying monetary data, amongst others.
When requested by The Submit for additional touch upon the state of affairs, an Uber spokesperson pointed to the corporate’s brief assertion on Twitter.
Kevin Reed, the chief data safety officer at Acronis, stated the hacker seemingly discovered “excessive privileged credentials laying on a community file share and used them to entry every part.”
“What’s worse is for those who had your information in Uber, there’s excessive probability so many individuals have entry to it. Say, in the event that they know your electronic mail, they could then know the place do you reside,” Reed wrote on LinkedIn.
“This explicit attacker could not have exfiltrated the information, however there isn’t a method of realizing it and the entire story makes me pondering Uber was compromised by different, much less loud events.”