Ride-hailing giant Uber has confirmed that it is responding to a cyber security incident as reports emerge that the firm has suffered a significant network data breach forcing it to shut down several internal communications and engineering systems.
Attacker announces Uber breach through compromised Slack account
In a statement on Twitter, Uber wrote “We are currently responding to a cyber security incident. We are in touch with law enforcement and will post additional updates here as they become available.”
While details from the company are currently sparse, a report by the New York Times on Thursday claimed that a hacker was able to compromise an employee’s Slack account and used it to send a message to Uber employees announcing that the company had suffered a data breach.
The report, which cited an Uber spokesperson, also claimed that the hacker posted, “I announce I am a hacker and Uber has suffered a data breach,” before listing several internal databases that were apparently compromised.
The person claiming responsibility for the hack told the New York Times that they had sent a text message to an Uber employee claiming to be a corporate IT person, persuading them hand over a password that allowed the actor to gain access to Uber’s systems.
According to a tweet by security researcher and bug bunty hunter Sam Curry, an anonymous Uber employee stated, “At Uber, we got an “URGENT” email from IT security saying to stop using Slack. Now anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message “F*** you wankers.”
Speaking to CSO, Jake Moore, global cyber security advisor at ESET, says, “The use of a simple social engineering hack via SMS to hack into their systems leaves Uber with not just embarrassment but questions on how much data was so easily accessible behind one simple compromise.
Attackers should never be underestimated and those targeted must remain vigilant to such attacks. Therefore, personal data needs to be behind much stricter securities and must be protected the best it can be not only from insider threats but also relentless attackers looking for vulnerable staff.”
CSO will follow this story and update as more details come to light.