Ridesharing giant Uber says that is investigating a “cybersecurity incident” after a hacker claiming to be just 18 years old stated that they have administrator access to company tools.
The Verge reports that Uber claims to be investigating a “cybersecurity incident” following reports that the company’s internal systems have been breached. The alleged hacker claims to be 18 years old and says that they have access to company tools including Amazon Web Services and Google Cloud Platform. The New York Times reports that Uber has taken multiple internal systems offline, including Slack.
(Photo by Justin Sullivan/Getty Images)
An Uber spokesperson said that the company declined to answer additional questions and pointed to its public statement on Twitter: “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” the statement said.
Colton Seal, the CEO and co-founder of Routefusion, tweeted a screenshot of what appears to be Uber’s internal Slack chat where the hacker announced themself to employees.
Honestly kind of a classy way to hack someone 😂😂😂@Uber pic.twitter.com/fFUA5xb3wv
— Colton (@ColtonSeal) September 16, 2022
Many employees were reportedly so shocked by the message from the hacker that they assumed it was a joke. Employee responses ranged from lighthearted emoji reactions to an “it’s happening” GIF. One unnamed employee stated that staff were interacting with the hacker thinking it was a joke.
Apparently there was an internal network share that contained powershell scripts…
"One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite" pic.twitter.com/FhszpxxUEW
— Corben Leo (@hacker_) September 16, 2022
The hacker told the Washington Post that they breached Uber for fun and are currently considering leaking the company’s source code. They also told cybersecurity researcher Corben Leo that they gained access to Uber’s systems through login credentials obtained from an employee using social engineering.
“This is a total compromise, from what it looks like,” Curry told the NYT. “It seems like maybe they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life.”
Read more at the Verge here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan
COMMENTS
Please let us know if you're having issues with commenting.