A couple of days ago, an 18-year old, sent to a message to to Uber employees via its Slack platform saying ““I announce I am a hacker and Uber has suffered a data breach.”
According to a New York Times report, the hacker said he compromised Uber because the company had weak security. He used social engineering to compromise an employee’s Slack account, persuading the employee to hand over a password that allowed him access to Uber’s systems.
The hacker compromised a worker’s Slack account and used it to send the message, the Uber spokesman said. It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees.
New York Times
The Uber hacker, who provided screenshots of internal Uber systems to demonstrate his access, said that he was 18 years old and had been working on his cybersecurity skills for several years. In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay.
In an internal email that was seen by The New York Times, an Uber executive told employees that the hack was under investigation. “We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us,” wrote Latha Maripuri, Uber’s chief information security officer.
Uber has already responded last week Thursday that it was looking into the scope of the apparent hack and contacting law enforcement officials. It also instructed its employees not to use the company’s Slack service.
This is not the first time that Uber network has been breached. In 2016, hackers stole information from 57 million driver and rider accounts and then approached Uber and demanded $100,000 to delete their copy of the data. Uber complied , arranged the payment but kept the breach a secret for more than a year.
British and Dutch regulators fined the ride-hailing service $1.2 million for failing to protect customers’ personal information during the 2016 cyber attack.
Uber Security Executive Joseph Sullivan was fired for his role in this and subsequently charged with obstruction of justice over accusations that he attempted to cover up the Uber hack.
