Uber says there is “no evidence” that any of its users’ private information was compromised in a breach of its internal computer systems discovered on Thursday. All of the company’s products, including its meal delivery services and Uber Eats, are currently “operational” and law enforcement has been notified, Uber said in a statement this afternoon.
The hack forced the company to take several of its internal systems offline, including Slack, Amazon Web Services and Google Cloud Platform. Uber is continuing to investigate how a hacker, who claims to be 18, was able to gain admin access to the company’s internal tools.
These internal software tools were taken offline yesterday afternoon as a “precaution” and began to come back online earlier today, the company says.
The hacker announced himself to Uber employees by posting a message on the company’s internal Slack system. “I am announcing that I am a hacker and that Uber has suffered a data breach”, message screenshots circulating on Twitter read. The alleged hacker then listed the company’s confidential information they said they had accessed and posted a hashtag stating that Uber was underpaying its drivers.
The suspected hacker, who spoke to a reporter with The New York Times, claims to have received a password allowing access to Uber’s systems from a company employee whom he tricked into posing as a company IT manager – a technique known as hacking social engineering.
Security experts consulted by the Time said the hack appeared to be a “total compromise” of Uber’s systems. But the company isn’t advising its users to make proactive changes to their accounts at this time, such as changing passwords, a spokesperson said.
This isn’t the first time Uber has fallen victim to hackers. The company was the target of a massive cybersecurity attack that took place in October 2016, exposing the confidential data of 57 million customers and drivers. Uber recently admitted to covering up the hack as part of a deal with the US Department of Justice to avoid criminal prosecution.
Hackers used stolen credentials to access a private source code repository and obtain a proprietary access key, which they then used to access and copy large amounts of data associated with users and drivers of ‘Uber, including data for approximately 57 million user records with 600,000 driver’s licenses. Numbers.
Joe Sullivan, Uber’s chief security officer at the time, was complicit in the cover-up and was later charged with obstruction of justice for trying to hide a data breach from the Federal Trade Commission and management. from Uber. Uber CEO Dara Khosrowshahi has just spoken during his trial, which began earlier this month.