Uber responding to ‘cybersecurity incident’ after hack | Uber

Uber has been hacked in an assault that seems to have breached the ride-hailing firm’s inside techniques.

The California-based firm confirmed it was responding to a “cybersecurity incident”, after the New York Occasions reported {that a} hack had accessed the corporate’s community and compelled it to take a number of inside communications and engineering techniques offline. The hacker claimed to be 18 years outdated, in line with the report.

Uber confirmed that there are not any points with the corporate’s service, which operates in additional than 10,000 cities world wide.

A hacker compromised the worker office messaging app Slack and used it to ship a message to Uber workers saying that it had suffered an information breach.

Sam Curry, a senior engineer at non-fungible token creator Yuga Labs, stated he was contacted by the Uber hacker on the HackerOne platform and had been proven “very convincing” screenshots of full administrative entry to Uber’s cloud providers.

“From my understanding, the attacker had keys to the dominion after acquiring an inside file with credentials to almost all the things,” Curry informed the Guardian. He added: “Based mostly on the screenshots and my understanding of the hack, they probably had entry to learn/modify the cloud providers which run Uber and retailer person info.”

The corporate has been hacked earlier than. Its former chief safety officer, Joseph Sullivan, is on trial on allegations he organized to pay hackers $100,000 as a part of an try to cowl up a 2016 assault through which the private info of about 57 million prospects and drivers was stolen.

Alan Woodward, a professor of cybersecurity at Surrey College, stated: “Because the hacker does seem to have such high-level entry it’s additionally going to be tough for Uber to know they’ve managed to take away the hacker from the community. It may imply a significant rebuild of their techniques, which can trigger severe disruption.”

It appeared the hacker was capable of achieve entry to different inside firm techniques, posting an specific picture on an inside info web page for workers, in line with the New York Occasions. “We’re in contact with regulation enforcement and can publish extra updates right here as they turn into obtainable,” Uber stated within the tweet confirming the assault.

The Slack system was taken offline on Thursday afternoon by Uber after workers acquired the message from the hacker.

“I announce I’m a hacker and Uber has suffered an information breach,” the message learn, occurring to listing a number of inside databases that have been claimed to be compromised, the report added.

The New York Occasions reported that the one who claimed duty for the hack stated they gained entry by means of social engineering, a time period for tricking an worker into granting entry.

The hacker despatched a textual content message to an Uber employee claiming to be an organization tech worker and persuaded the employee handy over a password that gave them entry to the community. The hacker, who had supplied a Telegram account handle, stated they broke in as a result of the corporate had weak safety, in line with the report.

Employees on the firm have been instructed to not use Slack. Different inside techniques, too, have been reportedly inaccessible.