Following the vulnerability of numerous internal communications and engineering systems, Uber is looking into a hack on its computer systems.
The computer network of Uber has been hacked.
The ride-hailing company stated that it was conducting an investigation after several internal communications and engineering systems were compromised.
The breach was first reported by the New York Times after the hacker sent the newspaper images of email, cloud storage, and code repositories.
According to the report, two Uber employees were told not to use the workplace messaging app Slack.
Uber employees received a message that read: “I announce I am a hacker and Uber has suffered a data breach” shortly before the Slack system was taken offline.
The hacker appeared to have later gained access to other internal systems, posting an explicit photo on an internal information page for employees.
Uber stated that it was in contact with authorities regarding the breach.
There is no evidence that the hack affected Uber’s fleet of vehicles, customers, or payment data.
Bounty hunters for bugs
Uber contributes to HackerOne, a bug bounty platform based in California. Many large corporations use bug bounty programs, which essentially pay ethical hackers to find bugs.
One of the bug bounty hunters, Sam Curry, communicated with the Uber hacker. “It appears that they’ve compromised a lot of things,” he said.
Mr Curry stated that he spoke with several Uber employees, who stated that they were “working to lock down everything internally” to prevent the hacker from gaining access.
He stated that there was no evidence that the hacker had caused any damage or was interested in anything other than publicity.
“We’re in close contact with Uber’s security team, have locked down their data, and will continue to assist with their investigation,” said Chris Evans, chief hacking officer for HackerOne.
Who is to blame?
According to the New York Times, the hacker is 18 years old, has been practicing cyber-security for several years, and hacked the Uber systems because “they had weak security.”
The person who announced the breach on Slack also stated that Uber drivers should be paid more.
In cyber-security, “humans are the weakest link,” and this hack demonstrates that it was an employee who was duped who let the criminals in.
Although the saying is correct, it is also extremely cruel.
The more complete picture that is emerging here indicates that this hacker was both highly skilled and highly motivated.
As we’ve seen with recent Okta, Microsoft, and Twitter breaches, young hackers with plenty of time on their hands and a devil-may-care attitude can persuade even the most cautious employees to make cyber-security mistakes.
This type of social engineering hacking is as old as computers themselves; just ask infamous former hacker Kevin Mitnick, who was sweet-talking his way around telephone networks in the 1970s.
The difference today is that hackers can combine their gift of gab with highly sophisticated and user-friendly software to make their job even easier.
