New York Post

Teen ‘hacks’ Uber

Fake IT worker bypasses weak security: reports

- By THOMAS BARRABI tbarrabi@nypost.com

Uber confirmed it was dealing with a “cybersecur­ity incident” after a teenage hacker reportedly breached the ride-sharing giant’s internal systems and began taunting workers with explicit messages and images.

The person who took responsibi­lity for the hack reportedly claimed to be 18 years old and claimed to have gained access to the company’s internal networks by pretending to be an IT worker and asking for an unnamed Uber employee’s password.

The reputed hacker disclosed the data breach in messages to The New York Times and cybersecur­ity researcher­s, the newspaper reported.

Uber employees learned that systems were compromise­d after the hacker posted a brazen message on the company’s Slack messaging platform.

“I announce I am a hacker and Uber has suffered a data breach,” the message said.

The hacker also reportedly posted that Uber drivers should be “better compensate­d for their work.”

The hacker appeared to have gained complete control of Uber’s systems, security engineer Sam Curry of Yuga Labs told the Times.

“They pretty much have full access to Uber,” Curry said. “This is a total compromise, from what it looks like.”

The hacker purportedl­y taunted Uber employees on company platforms. One employee told Fortune that the hacker posted a photo of an erect penis and the message, “F--K YOU DUMB WANKERS.”

The hacker told the Times that they targeted Uber because its cybersecur­ity measures were weak.

Uber was forced to take several of its internal platforms offline after learning of the data breach.

Uber said that it had no evidence that the incident involved access to sensitive user data, such as trip histories, and that internal software tools that it had disabled after the hack were coming back online.

The hacker also posted screenshot­s purported to be from Uber’s internal systems to Telegram.

The screenshot­s included images of an Amazon Web Services page, a HackerOne cybersecur­ity platform, Uber’s Slack account and what appeared to be a page displaying financial informatio­n.

?? ?? A person claiming to be an 18-year-old says they have hacked Uber and shared screenshot­s of the app’s internal system to prove it. “They pretty much have full access to Uber,” said security expert Sam Curry.
A person claiming to be an 18-year-old says they have hacked Uber and shared screenshot­s of the app’s internal system to prove it. “They pretty much have full access to Uber,” said security expert Sam Curry.

Newspapers in English

Newspapers from United States