Ride-hailing giant Uber was hit by a cyber attack earlier this week. The hack was discovered on Thursday and it forced the company to take several internal systems offline including Slack, Amazon Web Services, and Google Cloud Platform.
The hacker claims to be an 18-year-old who managed to gain administrator access to the company’s internal tools. Uber is still investigating how the teenager was able to do so. The internal tools were taken offline as a precautionary measure and started to come back online yesterday.
Uber was quick to clarify that no private data from user accounts was compromised such as trip history or log in details. The company also announced that all of its services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are fully functional. The ride-hailing giant also notified law enforcement.
— Uber Comms (@Uber_Comms) September 16, 2022
The hacker revealed himself to Uber employees through the company’s internal Slack system with a message saying “I announce I am a hacker and Uber has suffered a data breach”. He proved his claim by sharing confidential company information and posting a hashtag saying that Uber underpays its drivers.
The alleged hacker told The New York Times that he received a password from an Uber employee which gave him access to the company’s internal systems. He had tricked the employee by posing as a corporate IT official, a technique known as social engineering.
Security experts said that the hack was a total compromise of Uber’s systems but the company did not advise its users to change their passwords or other login details.
This is not the first time Uber has been compromised as part of a cyber attack. The company suffered a major breach in 2016 which compromised the confidential information of millions of customers and drivers.