“I announce i am a hacker and uber has suffered a data breach,” the message mentioned.
It was adopted by a flurry of response emoji, together with a number of dozen exhibiting what gave the impression to be a siren symbols. Because of the hack, the individuals mentioned, some methods together with Slack and inside instruments had been quickly disabled.
Internal screenshots obtained by The Washington Post confirmed the hacker claiming to have wide-ranging entry insider Uber’s company networks and appeared to point the hacker was motivated by the corporate’s therapy of its drivers. The particular person claimed to have taken information from frequent software program used by Uber staff to write down new applications.
Uber pointed to its tweeted assertion when requested for touch upon the matter. The firm didn’t instantly reply to questions in regards to the extent to which inside data could have been compromised.
The New York Times first reported the incident.
Uber previously suffered a breach in 2016 that uncovered private data of 57 million individuals all over the world, together with names, electronic mail addresses and telephone numbers. It additionally included drivers license data from roughly 600,000 U.S. drivers. Two individuals accessed the knowledge through “a third-party cloud-based service” used by Uber on the time.
Uber, which relies in San Francisco, employs 1000’s of individuals globally who could have been affected by the hacker’s obstruction of methods. The firm has additionally come beneath fireplace for its therapy of drivers, who it has fought to maintain as contractors.
The hacker posted as Uber on a chat perform at HackerOne, which runs interference between researchers who’re reporting safety vulnerabilities and the businesses who’re affected by them. Uber and different firms use that service to handle studies of safety flaws in its applications and to reward researchers who discover them.
In that chat, which was seen by The Post, the alleged hacker claimed entry to Uber’s Amazon Web Services account.
AWS didn’t instantly reply to a request for remark. (Amazon founder Jeff Bezos owns The Post.)
In a subsequent interview on a messaging app, the alleged hacker advised The Post that that they had breached the corporate for enjoyable and would possibly leak supply code “in a few months.”
The particular person described Uber safety as “awful.”
Uber staff had been caught off guard by the sudden disruption to their workday, and a few initially reacted to the alarming messages as in the event that they had been a joke, in line with the screenshots.
The hacker’s ominous posts had been met with reactions apparently depicting the SpongeBob character Mr. Krabs, the favored “It’s Happening” GIF and queries as as to if the scenario was a prank.
“Sorry to be a stick in the mud, but I think IT would appreciate less memes while they handle the breach,” one message seen by The Post mentioned.