Uber was hacked and had to take its internal intelligence and technical systems offline to investigate the incident The New York Times. Sources speaking to the publication said staff were instructed not to go on Slack, where the badass actor previously posted a message that read, “I’m announcing that I’m a hacker and Uber has suffered a data breach” ( along with a bunch of emojis) it was taken offline. In a tweet confirming the breach, the company said it was currently responding to a cybersecurity incident and is now in contact with law enforcement.
We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post further updates here as they become available.
— Uber Comms (@Uber_Comms) 09/16/2022
The company didn’t say what exactly the hacker was able to access and whether any user data was compromised. The times says the hacker’s Slack message also lists databases they claim they were able to infiltrate. And based on screenshots seen by The Washington Post, the villain boasted of being able to collect internal code and messaging data. An Uber spokesman explained that the bad actor was able to post on the company’s Slack after compromising a worker’s account. They then gained access to other Uber internal systems and posted an explicit photo on an internal page.
Bug bounty hunter and security researcher Sam Curry reportedly tweeted information from an Uber employee that may relate to this explicit photo:
From an Uber employee:
Feel free to share, but please don’t credit me: At Uber, we received an “URGENT” email from IT Security saying to stop using Slack. Now every time I request a website I’m taken to a CENSORED page with a pornographic image and the message “F*** you motherfucker”.
— Sam Curry (@samwcyo) 09/16/2022
That Uber admitted to the incident and contacted authorities shortly thereafter is a massive departure from the way it handled the data breach in 2016. The company hid this attack for a year and instead of reporting the incident, it paid the hackers $100,000 to delete the stolen information. Former Uber security chief Joseph Sullivan was fired and eventually charged with obstruction of justice for his role in the cover-up, though his lawyers argued he was being used as a scapegoat. Uber has settled with the Justice Department for failing to disclose the violation in July this year.
All products recommended by Engadget are selected by our editorial team independently from our parent company. Some of our stories contain affiliate links. If you buy something through one of these links, we may receive an affiliate commission. All prices are correct at time of publication.
https://www.engadget.com/uber-investigating-cybersecurity-incident-051250020.html?src=rss Uber says it’s investigating a ‘cybersecurity incident’