Uber is investigating a cybersecurity incident as its employees received a Slack message from an unknown person saying, “I am a hacker.”
According to The New York Times and Bloomberg, Uber took Slack offline and was in touch with law enforcement.
The hacker’s identity is unknown, but a person asserting to be behind the hack has spoken to some cybersecurity experts.
Uber employees acquired a message from an unknown person on the company Slack that read, “I am a hacker.” The apparent hacker also detailed numerous internal databases they claimed to have accessed.
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.
— Uber Comms (@Uber_Comms) September 16, 2022
The suspected hacker told The Times that he was just 18 years old and had access to Uber’s systems by texting an Uber worker pretending to be a corporate information technology person. He then sent The Times images that showed access to lists of Uber cloud storage information, emails, and code.
Sam Curry, a security engineer at Yuga Labs, tweeted that the attacker “is claiming to have completely compromised Uber” and shared screenshots indicating that the person had full admin access to Google Cloud Platform and Amazon Web Services. “This is a total compromise, from what it looks like,” Curry said.
Uber was also the victim of a massive cyberattack back in 2016. It disclosed the personal data of 57 million people, including both riders and drivers. The company then paid hackers $100,000 to obliterate the data from their servers. But details of this data breach weren’t shared until a year after the incident occurred.