Teen ‘hacks’ Uber
Fake IT worker bypasses weak security: reports
Uber confirmed it was dealing with a “cybersecurity incident” after a teenage hacker reportedly breached the ride-sharing giant’s internal systems and began taunting workers with explicit messages and images.
The person who took responsibility for the hack reportedly claimed to be 18 years old and claimed to have gained access to the company’s internal networks by pretending to be an IT worker and asking for an unnamed Uber employee’s password.
The reputed hacker disclosed the data breach in messages to The New York Times and cybersecurity researchers, the newspaper reported.
Uber employees learned that systems were compromised after the hacker posted a brazen message on the company’s Slack messaging platform.
“I announce I am a hacker and Uber has suffered a data breach,” the message said.
The hacker also reportedly posted that Uber drivers should be “better compensated for their work.”
The hacker appeared to have gained complete control of Uber’s systems, security engineer Sam Curry of Yuga Labs told the Times.
“They pretty much have full access to Uber,” Curry said. “This is a total compromise, from what it looks like.”
The hacker purportedly taunted Uber employees on company platforms. One employee told Fortune that the hacker posted a photo of an erect penis and the message, “F--K YOU DUMB WANKERS.”
The hacker told the Times that they targeted Uber because its cybersecurity measures were weak.
Uber was forced to take several of its internal platforms offline after learning of the data breach.
Uber said that it had no evidence that the incident involved access to sensitive user data, such as trip histories, and that internal software tools that it had disabled after the hack were coming back online.
The hacker also posted screenshots purported to be from Uber’s internal systems to Telegram.
The screenshots included images of an Amazon Web Services page, a HackerOne cybersecurity platform, Uber’s Slack account and what appeared to be a page displaying financial information.