Online Security

Uber Hacked! Sensitive Info Like Internal Systems, Email, Slack Server Exposed

By Shreya Bose

Uber is investigating a cyberattack amidst reports that the company’s internal systems have been breached.

Uber Hacked! Sensitive Info Like Internal Systems, Email, Slack Server Exposed

It was forced to take several internal communications and engineering systems offline.

Contents

Initially not taken seriously

The hacker, who claims to be an 18-year old, says they have administrator access to company tools like Amazon Web Services and Google Cloud Platform.

This includes access to vulnerability reports and sharing screenshots of the company’s internal systems, email dashboard, and Slack server.

Uber employees’ Slack app, a workplace messaging app was hacked to send a message to other employees informing them that the Uber systems had suffered a data breach.

This message was so brazen that many Uber employees initially thought it was a joke.

Employees accordingly responded with lighthearted emoji like sirens and popcorn, as well as the “it’s happening” GIF.

Vulnerability reports- valuable asset

A source said the attacker downloaded all vulnerability reports before they lost access to Uber’s bug bounty program.

This likely includes vulnerability reports that have not been fixed, presenting a severe security risk to Uber.

This bears significance since these vulnerability reports are meant to be kept confidential until a fix can be released to prevent attackers from exploiting them in attacks.

First incidence

Yuga Labs security engineer Sam Curry said that he first learned of the breach after the attacker left a comment on a vulnerability report he submitted to Uber two years ago.

It read, “UBER HAS BEEN HACKED (domain admin, aws admin, vsphere admin, gsuit SA) AND THIS HACKERONE ACCOUNT HAS BEEN ALSO”.

A spokesperson for the company declined to answer additional questions,

However, the company tweeted, “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available” the statement reads.

Introduction

The hacker apparently introduced himself by posting a message on the company’s internal Slack system. “I announce I am a hacker and Uber has suffered a data breach.”

They then listed confidential company information they said they’d accessed, then posted a hashtag saying that Uber underpays its drivers.

The hacker said to a news outlet that they breached Uber for fun.

He is also considering leaking the company’s source code.

Yuga Labs security engineer Sam Curr quipped “It seems like maybe they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life.”

Shreya Bose 1654 posts 0 comments

Shreya is a freelance writer. Her articles cover current affairs in government, banking, auto, business and other salient news of the day. Each topic is well researched from multiple sources and written with focus on detail.

You might also like More from author
3 Comments
  1. Techmeme: The 5th Circuit federal court’s ruling to uphold the Texas social media content moderation law is based on a misrepresentation of how Section 230 actually works (Mike Masnick/Techdirt) - wannafollowblog.com

    […] Hacker News, The Verge, Metacurity, International Business Times, MobileSyrup, Dark Reading, Trak.in, DataBreaches.net, Fossbytes, Gizmodo, Engadget, and […]

  2. Singapore-based cloud HR management service Atlas Technology raised a Series B of up to $200M from Sixth Street Growth, after raising $20M in 2020 (Maria Deutscher/SiliconANGLE) - Cybernonstop

    […] Shreya Bose / Trak.in:   Uber Hacked! Sensitive Info Like Internal Systems, Email, Slack Server Exposed […]

  3. A Vietnamese couple says they wiped some of Intercontinental Hotels Group's data, accessed using the password Qwerty1234, after a failed ransomware attack (Joe Tidy/BBC) - Cybernonstop

    […] Shreya Bose / Trak.in:   Uber Hacked! Sensitive Info Like Internal Systems, Email, Slack Server Exposed […]

Comments are closed, but trackbacks and pingbacks are open.

who's online