“I announce i am a hacker and uber has suffered a data breach,” the message mentioned.
It was adopted by a flurry of response emoji, together with a number of dozen displaying what seemed to be a siren symbols. Because of the hack, the folks mentioned, some programs together with Slack and inner instruments had been briefly disabled.
Internal screenshots obtained by The Washington Post confirmed the hacker claiming to have wide-ranging entry insider Uber’s company networks and appeared to point the hacker was motivated by the corporate’s remedy of its drivers. The individual claimed to have taken information from frequent software program used by Uber workers to write down new packages.
Uber pointed to its tweeted assertion when requested for touch upon the matter. The firm didn’t instantly reply to questions concerning the extent to which inner information could have been compromised.
The New York Times first reported the incident.
Uber beforehand suffered a breach in 2016 that uncovered private information of 57 million folks world wide, together with names, e-mail addresses and cellphone numbers. It additionally included drivers license data from roughly 600,000 U.S. drivers. Two individuals accessed the information through “a third-party cloud-based service” used by Uber on the time.
Uber, which is predicated in San Francisco, employs hundreds of individuals globally who could have been affected by the hacker’s obstruction of programs. The firm has additionally come below hearth for its remedy of drivers, who it has fought to maintain as contractors.
The hacker posted as Uber on a chat operate at HackerOne, which runs interference between researchers who’re reporting safety vulnerabilities and the businesses who’re affected by them. Uber and different corporations use that service to handle studies of safety flaws in its packages and to reward researchers who discover them.
In that chat, which was considered by The Post, the alleged hacker claimed entry to Uber’s Amazon Web Services account.
AWS didn’t instantly reply to a request for remark. (Amazon founder Jeff Bezos owns The Post.)
In a subsequent interview on a messaging app, the alleged hacker instructed The Post that they’d breached the corporate for enjoyable and may leak supply code “in a few months.”
The individual described Uber safety as “awful.”
Uber workers had been caught off guard by the sudden disruption to their workday, and a few initially reacted to the alarming messages as in the event that they had been a joke, in response to the screenshots.
The hacker’s ominous posts had been met with reactions apparently depicting the SpongeBob character Mr. Krabs, the favored “It’s Happening” GIF and queries as as to whether the state of affairs was a prank.
“Sorry to be a stick in the mud, but I think IT would appreciate less memes while they handle the breach,” one message considered by The Post mentioned.