Hacker steals sensitive data from ride-hailing service provider Uber

San Francisco (AP) – Uber has become the victim of a hack attack. According to a report in the New York Times, the cyber attack affected many of the car dispatcher’s internal systems.

The company spoke of a “cyber security incident” on Twitter on Friday. Uber will investigate the incident and have contacted law enforcement.

The “New York Times” relies on material that has been leaked to it by the alleged burglar. Among them were screenshots of Uber internal emails and documents from cloud storage. According to the screenshots, the attacker even had access to the program code of the Uber applications.

It is not publicly known whether customer data was also stolen. The ongoing operation of the services of Uber and Uber Eats were not affected by the incident.

Weak protection against cyber attacks at Uber

The hacker, who provided the screenshots of internal Uber systems to demonstrate his access, said he is only 18 and has been working on his cybersecurity skills for several years. He wrote that he had penetrated Uber’s systems because the company was weakly protected against cyber attacks.

“They (the attackers) have pretty much full access to Uber,” said Sam Curry, an engineer at security firm Yuga Labs. He had previously corresponded with the person who claimed to be responsible for the burglary. “As it stands, it’s a total compromise.”

According to the report, Uber employees were instructed to stop using the company’s internal messaging service Slack. Accordingly, the employees had shortly before received a self-accusation message from the alleged attacker via Slack: “I announce that I am a hacker and that Uber has suffered a data breach”.

The perpetrator’s actions

The hacker used an employee’s Slack account to send the message for his attack. In order to gain control of this Slack account, the alleged perpetrator sent a text message to an Uber employee posing as the company’s information technology employee. The employee was persuaded to submit a password that allowed the hacker access to other Uber systems.

It wasn’t the first time that Uber has been the victim of a cyber attack. In 2016, hackers stole information from 57 million driver and passenger accounts and then demanded $100,000 to wipe their copy of the data. According to media reports, Uber paid the ransom at the time.