Uber investigating network breach after hacker gains access to systems

#Hacking #HackingNews #TechNews

A hacker got the password of Uber's internal systems by posing as a corporate IT employee
The hacker has gained access to the company's internal systems and breached the network
The last time Uber was hacked in 2016, 57 million users had their information leaked online

Written By:Rwit

Updated: September 16 2022 06:53:46 AM ET

Uber, the ride-hailing app, is investigating a cybersecurity incident, a network breach, forcing the company to shut several internal communications and engineering systems, Reuters reported on Thursday.

The breach was reported after a hacker broke into the Slack account of an Uber employee. The hacker then used it to send a company-wide message saying that there had been a data breach in the systems, the New York Times reported, citing an Uber spokesperson.

Also Read | Peiter Zatko’s Twitter whistleblowing timeline: What has transpired so far

Following the incident, the company’s shares tanked by 5% on Friday morning, amidst a broader market decline.

The hacker gained access to other systems as well, evidenced by their posting an explicit photo on an internal page meant for employees, the New York Times reported.

Also Read | Pieter Zatko’s Senate testimony: Key takeaways

“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” Uber wrote on Twitter.

The hacker has claimed that they gained access to Uber’s systems using information produced by HackerOne, a bug bounty platform that connects companies with cybersecurity researchers and penetration testers.

Also Read | Elon Musk’s $44 billion takeover deal approved by Twitter shareholders

“This story is still developing and these are some extreme claims, but there does appear to be evidence to support it, wrote security researcher Bill Demirkapi on Twitter. He told Reuters that the screenshots of the hack that are currently being circulated online corroborate what the hackers have been saying.

Uber employees have been told to stop using Slack for the time being, but the corporate messaging service said that they had not detected any vulnerabilities on their end.

Also Read | Uber releases two new features to aid U.S. drivers

The hacker gained access to Uber’s system by impersonating an Uber corporate IT person via text message. They convinced the Uber employee to hand over a password, which in turn allowed the hacker to breach the company’s network.

This could potentially shape up to be a worse cybersecurity breach than the one Uber suffered in 2016 where the personal information of 57 million customers and drivers was leaked online.