11.2 C
New York

Uber Investigating Breach of Its Computer Systems


Uber discovered its computer network had been breached on Thursday, leading the corporate to take several of its internal communications and engineering systems offline because it investigated the extent of the hack.

The breach appeared to have compromised a lot of Uber’s internal systems, and an individual claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The Recent York Times.

“They stunning much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the one who claimed to be liable for the breach. “This can be a total compromise, from what it looks like.”

An Uber spokesman said the corporate was investigating the breach and contacting law enforcement officials.

Uber employees were instructed not to make use of the corporate’s internal messaging service, Slack, and located that other internal systems were inaccessible, said two employees, who weren’t authorized to talk publicly.

Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, “I announce I’m a hacker and Uber has suffered an information breach.” The message went on to list several internal databases that the hacker claimed had been compromised.

The hacker compromised a employee’s Slack account and used it to send the message, the Uber spokesman said. It appeared that the hacker was later in a position to gain access to other internal systems, posting an explicit photo on an internal information page for workers.

The one that claimed responsibility for the hack told The Recent York Times that he had sent a text message to an Uber employee claiming to be a company information technology person. The employee was persuaded handy over a password that allowed the hacker to realize access to Uber’s systems, a method often called social engineering.

“These kind of social engineering attacks to realize a foothold inside tech corporations have been increasing,” said Rachel Tobac, chief executive of SocialProof Security. Ms. Tobac pointed to the 2020 hack of Twitter, during which teenagers used social engineering to interrupt into the corporate. Similar social engineering techniques were utilized in recent breaches at Microsoft and Okta.

“We’re seeing that attackers are getting smart and in addition documenting what’s working,” Ms. Tobac said. “They’ve kits now that make it easier to deploy and use these social engineering methods. It’s grow to be almost commoditized.”

The hacker, who provided screenshots of internal Uber systems to reveal his access, said that he was 18 years old and had been working on his cybersecurity skills for several years. He said he had broken into Uber’s systems because the corporate had weak security. Within the Slack message that announced the breach, the person also said Uber drivers should receive higher pay.

The person appeared to have access to Uber source code, email and other internal systems, Mr. Curry said. “It looks as if perhaps they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life,” he said.

In an internal email that was seen by The Recent York Times, an Uber executive told employees that the hack was under investigation. “We don’t have an estimate straight away as to when full access to tools will likely be restored, so thanks for bearing with us,” wrote Latha Maripuri, Uber’s chief information security officer.

It was not the primary time that a hacker had stolen data from Uber. In 2016, hackers stole information from 57 million driver and rider accounts after which approached Uber and demanded $100,000 to delete their copy of the information. Uber arranged the payment but kept the breach a secret for greater than a yr.

Joe Sullivan, who was Uber’s top security executive on the time, was fired for his role in the corporate’s response to the hack. Mr. Sullivan was charged with obstructing justice for failing to reveal the breach to regulators and is currently on trial.

Lawyers for Mr. Sullivan have argued that other employees were liable for regulatory disclosures and said the corporate had scapegoated Mr. Sullivan.

Get the latest Sports Updates (Soccer, NBA, NFL, Hockey, Racing, etc.) and Breaking News From the United States, United Kingdom, and all around the world.

Related articles


Recent articles