Uber says alleged teen hackers broke regulations, mocked workers
Uber has confirmed it’s dealing with a “cybersecurity incident” after a teenage hacker was said to have hacked the ride-sharing giant’s internal systems and started mocking workers with candid messages and photos.
The hacker who took charge is said to be just 18 years old, and gained access to the ride-sharing giant’s internal networks by pretending to be an IT worker and asking for an unnamed password for an Uber employee.
The alleged hacker disclosed the data breach in letters to the New York Times and cybersecurity researchers, the outlet reported. Uber employees learned that the systems had been hacked after the hacker posted a rude message on the company’s Slack messaging platform.
“I announce that I am a hacker and that Uber has suffered a data breach,” the message read. The hacker also reportedly posted that Uber drivers should get “better compensation for their work.”
Security engineer Sam Curry of Yuga Labs told the New York Times that it appears the hacker has gained complete control of Uber’s systems.
“They pretty much have full access to Uber,” said Carey. “That’s a complete compromise, from what it looks like.”
The hacker allegedly made fun of Uber employees by posting on the company’s platforms. An employee told Fortune that the hacker posted a picture of an erect penis and the message “F- YOU DUMB WANKERS.”
The hacker told the New York Times that he decided to breach Uber’s systems because the company had poor cybersecurity measures in place.
Uber was forced to shut down several of its internal platforms after learning of a widespread data breach.
“We are currently responding to a cybersecurity incident,” Uber said in a statement. “We are in contact with law enforcement and will post additional updates here as they become available.”
The alleged hacker posted screenshots allegedly from Uber’s internal systems to Telegram and the images quickly spread to Twitter.
The screenshots included images of the Amazon Web Services page, HackerOne’s cybersecurity platform, the dashboard of Uber’s Slack account and what appeared to be a page displaying financial information, among other things.
When asked by The Post for further comments on the situation, an Uber spokesperson referred to the company’s short statement on Twitter.
Kevin Reed, chief information security officer at Acronis, said the hacker likely found “highly privileged credentials that he places on the network file share and uses to access everything.”
“What’s worse is that if you have your Uber data, there is a good chance that a lot of people will be able to access it. For example, if they know your email, they may then know where you live,” Reed wrote on LinkedIn.
“This particular attacker may not have hacked the data, but there’s no way to know and the whole story makes me believe that Uber was hacked by other, less vocal parties.”