Uber investigating "total compromise" of its internal systems
The attacker used social engineering to obtain a password from an employee
Ride hailing giant Uber is investigating a cybersecurity breach by a hacker who claims to have stolen sensitive data from the company's internal systems.
The New York Times first reported the incident, stating that Uber had taken several of its internal communication systems, including Slack and engineering systems, offline as it looks into the attack's scope.
A source told the publication Uber employees received a Slack message on Thursday from an unknown sender, who said they were a hacker and that "Uber has suffered a data breach."
The person detailed a number of internal databases they claimed to have hacked.
They appear to have compromised an employee's Slack app and used it to deliver the message to other employees. Uber decided to take the Slack system offline entirely in response, according to the report.
The attacker was apparently able to use their Slack access to reach other internal company systems, as indicated by an explicit picture posted on an internal employee information page.
The individual sent screenshots of emails, cloud storage, and code repositories to both The New York Times and cybersecurity researchers.
The person said they had sent a text message to an Uber employee, pretending to be a member of the company's IT department. They were able to convince the employee to hand over a password, which gave them access to Uber's systems.
Jake Moore, global cyber advisor at ESET, said the claim "highlights once again the importance of training staff to remain eagle eyed and with the ability to spot targeted phishing attempts and double check before handing over any sort of credentials."
Deryck Mitchelson, field CISO at Check Point, said, "There are solutions that can actively guard against sophisticated phishing techniques like this but it is also absolutely critical that organisations take the time to educate employees on the threat."
The hacker claims to be 18 years old, and said the company's lax security was the reason they was able to access Uber's servers. They also advocated for increased compensation for Uber drivers in the Slack message.
Sam Curry, a security engineer at Yuga Labs who spoke with the hacker, said they "pretty much have full access to Uber."
"This is a total compromise, from what it looks like."
Bleeping Computer says it has been in touch with the attacker and has seen screenshots showing access to Uber IT systems, including the company's security software as well as the Windows domain.
The screenshots also suggest the hacker has access to the firm's Google Workspace email admin dashboard, VMware ESXi virtual machines, AWS console and Slack server.
An Uber spokesperson said the company was investigating the incident and has been in touch with law enforcement.
This is not the first time Uber has had a data breach.
The company came under fire for failing to properly report a data breach that occurred in 2016 and affected 57 million passengers and drivers. Uber ultimately paid the hackers $100,000 to cover the breach, and it wasn't until the latter half of 2017 when it was made public.
US federal prosecutors have since charged the company's former security officer, Joe Sullivan, with an attempt to cover-up the incident.
They state that he "instructed his team to keep knowledge of the 2016 breach tightly controlled." Sullivan has refuted the allegations against him.