Uber was hacked and had to take its internal messaging service and engineering systems offline to investigate the incident, according to The New York Times. Sources who spoke to the publication said employees were instructed not to use Slack, where the bad actor had posted a message saying “I’m announcing that I’m a hacker and Uber has suffered a data breach” (along with a bunch of emoji) before it was disconnected. In a tweet confirming the breach, the company said it is currently responding to a cybersecurity incident and is now in contact with law enforcement.
We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post additional updates here as they become available.
— Uber Communications (@Uber_Comms) September 16, 2022
The company did not say what exactly the hacker was able to access and whether user data was compromised. The Times, however, says the hacker’s Slack message also listed databases they claim they were able to break into. And based on screenshots seen by The Washington Post, the bad actor boasted of being able to collect internal code and messaging data. An Uber spokesperson explained that the bad actor was able to post on the company’s Slack after compromising a worker’s account. They then gained access to other internal Uber systems and posted an explicit photo on an internal page.
Bug bounty hunter and security researcher Sam Curry tweeted information allegedly from an Uber employee that could be about that explicit photo:
From an Uber employee:
Feel free to share, but don’t credit me: At Uber, we received an “URGENT” email from IT security telling us to stop using Slack. Now every time I request a website, I am taken to a REMOVED page with a pornographic image and the message “F*** you wankers”.
— Sam Curry (@samwcyo) September 16, 2022
The fact that Uber admitted to the incident and contacted authorities shortly after it happened is a huge departure from the way it handled the data breach it suffered in 2016. The company hid that attack for a year and, instead of reporting the incident, paid the hackers $100,000 to delete the information that was stolen. Former Uber security chief Joseph Sullivan was fired and eventually charged with obstruction of justice for his role in the cover-up, though his lawyers argued he was used as a scapegoat. Uber reached an agreement with the Department of Justice in July of this year over not disclosing the breach.