Uber investigates hacker’s claim that he hacked key databases


Uber Technologies Inc. has shut down internal Slack messaging as it investigates a cybersecurity breach by a hacker who claims to have access to sensitive company data.

Employees received a Slack message on Thursday from an unknown person claiming “I’m a hacker,” according to one knowledgeable person. The perpetrator co-opted an employee’s account and also claimed to have gained access to internal databases, the person said. The cyber attacker was an 18-year-old who managed to infiltrate a plethora of internal systems, providing snapshots of emails and code repositories to prove his exploits, the New York Times reported.

ALSO READ  G7's price cap on Russian oil takes shape, but will Russia bypass insurance rules?

Shares of Uber fell 5.2% in pre-market trading in New York on Friday.

The perpetrator or perpetrators appeared to have gained access to some of Uber’s Amazon and Google-hosted cloud infrastructure, said Sam Curry, a researcher at Yuga Labs who said he had been in contact with the attacker. They also got into the “HackerOne” system, which helps Uber with a so-called bug bounty program that rewards hackers for exposing and reporting vulnerabilities.

“Pretty much everything,” Curry said when asked what had been compromised. “They had access to all of HackerOne’s reports.” An Uber representative confirmed a breach had occurred, but declined to comment.

ALSO READ  Lloyd's gives green light to Asta-owned Trium Cyber ​​Syndicate 1322

The company, which said on Twitter it contacted police, has blocked all Slack communications while investigating the hacker’s claims. Uber’s taxi and food delivery services appeared to be operating normally around the world, people said.

Uber has come into contact with hackers before. It paid $148 million to settle claims related to a large-scale data breach that revealed the personal information of more than 25 million of its US users in 2016. The New York Times reported the latest hack earlier on Thursday.

ALSO READ  Citigroup wins appeal against wrong Revlon bank transfer

“HackerOne supports its customers. We are in close contact with Uber’s security team, have their data locked down and will continue to assist with their investigation,” Chris Evans, the chief hacking officer, said in a statement.

Photo: Uber Technologies headquarters in San Francisco. Photographer: David Paul Morris/Bloomberg

Copyright 2022 Bloomberg.

Was this article valuable?

Here are more articles you may like.

Interested in Ridesharing?

Receive automatic notifications for this topic.


Please enter your comment!
Please enter your name here