Uber Technologies said on Thursday (September 15) it is investigating a cybersecurity incident that caused it to take much of its computer systems offline.
A hacker compromised an employee’s Slack messaging app at his workplace and used it to send a message to Uber employees announcing that the company had suffered a data breach, according to an article by the New York Times released Thursday that quotes an Uber spokesperson.
According to New York Timeswho had access to screenshots and internal documents sent by cybersecurity experts, the hacker who penetrated Uber’s computer network would be only 18 years old. It appears the hacker was then able to gain access to other internal systems, posting an explicit photo on an internal employee information page, the article adds.
“We are in contact with law enforcement and will post additional updates here as they become available,” Uber said on Twitter, without giving further details.
We have blocked the display of this content to respect your cookie choices.
By clicking on “Consult”, you accept the deposit of cookies by social network services such as Twitter.
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.
— Uber Comms (@Uber_Comms) September 16, 2022
A password given by SMS
The Slack system was taken offline Thursday afternoon by Uber after employees received the hacker’s message, according to the article citing two employees who were not authorized to speak publicly. “I am announcing that I am a hacker and that Uber has suffered a data breach”, says the message, which then lists several internal databases that were allegedly compromised, the article reports.
A person claiming responsibility for the hack told the newspaper that they texted an Uber employee claiming to be an IT manager for the company. The employee was asked to provide a password that allowed the hacker to access Uber’s systems, according to the report.
Slack told Reuters that the company was investigating the incident and that there was no evidence of an inherent vulnerability in its platform. “Uber is an important customer, and we are here to help them if they need us,” said Slack, which is owned by Salesforce. Uber employees have been instructed not to use Slack, according to the article. Other internal systems were also inaccessible.