Uber is facing a “cybersecurity incident” in which it has involved the police, the company itself reports. According to sources including The New York Times, a hacker “penetrated many internal Uber Systems” and took several systems offline.
The New York Times spoke with security researcher Sam Curry, of web3 company Yuga. He said the attacker had “full access” to Uber’s internal systems. The 18-year-old hacker would not have installed ransomware; he would have broken in because Uber’s security would be ” weak.” In the Slack message announcing the hack, he would have further called for higher fees for Uber drivers.
The hacker allegedly penetrated the Uber intranet through social engineering. In other words, he or she convinced an Uber employee to hand over a password with an excuse. In addition to accessing the Uber Slack, the attacker would also have access to source codes, email systems ” and other internal systems.”
Uber has already publicly acknowledged that something is going on. The company wrote on Twitter: “We are currently facing a cybersecurity incident. We are in contact with the police and will post additional updates as they become available.”
Also from another angle, alleged information about the hack comes out. Screenshots of conversations between the hacker and another person are circulating on Twitter, among others. There are also images of the intranet parts of Uber shared. Its authenticity has not yet been confirmed. The attacker claims in the alleged screenshots that he found a Powershell script on the internal network with admin credentials, after which he was able to access ” DA, DUO, Onelogin, AWS and Gsuite.”
Although Uber would have shut down internal systems to limit the damage, the company’s services do not seem to be interrupted.