Uber is investigating their recent “cybersecurity incident” after the rumours of its internal databases has got breached. The alleged hacker, who claims to be an 18-year-old, says they acquired administrator access to company tools including Amazon Web Services and Google Cloud Platform. The New York Times reports that the ride-hailing business has taken multiple internal systems, including Slack, offline while investigating the breach.
The company posted a statement on Twitter. “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” the statement reads.”
The hacker appears to have made themselves known to Uber’s employees by posting a message on the company’s internal Slack system. “I announce I am a hacker and Uber has suffered a data breach,” screenshots of the message circulating on Twitter read. The claimed hacker then listed confidential company information they said they’d accessed, and posted a hashtag saying that Uber underpays its drivers.
The hacker claimed to the New York Times to be 18 years old and told The Post that they breached Uber for fun and is planing to leak the company’s source code. In a Twitter post of the cybersecurity researcher Corben Leo, they also claimed to have gained access to Uber’s systems through login credentials obtained from an employee via social engineering, which allowed them to access an internal company VPN. From there, they found PowerShell scripts on Uber’s intranet containing access management credentials that allowed them to allegedly breach Uber’s AWS and G Suite accounts.