Uber computer systems breached by ‘teen’ in major security alert
‘This is a total compromise, from what it looks like,’ one security expert says
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Uber is investigating a breach of its computer systems, the company said as it took several of its internal communications and engineering systems offline.
“We are currently responding to a cybersecurity incident,” the company tweeted on Friday.
The hacker compromised an employee’s official Slack account and posted a message, announcing himself and sharing that “Uber has suffered a data breach”, The Washington Post reported, citing individuals familiar with the matter.
The cyber attacker told The New York Times that he was 18 years old, and told the Post that he had broken into the company’s systems for his own entertainment. Uber employees reportedly believed the post to be a joke at first, according to reports.
The company said it is currently assessing the extent of the hack, adding that it is in touch with law enforcement and will post additional updates on Twitter as they become available.
The hacker also reportedly sent images of “email, cloud storage, and code repositories” to cybersecurity researchers and posted an “explicit image” on an internal page for employees, according to Reuters.
“This is a total compromise, from what it looks like,” security expert Sam Curry, who reportedly corresponded with the hacker claiming responsibility, told The New York Times.
The company pointed to its Twitter statement in response to The Independent’s request for comment on the extent of the breach.
This is not the first time Uber has faced a cybersecurity incident.
It came under fire for a 2016 breach that exposed the data of around 57 million drivers and passengers. Personal information such as names and phone numbers of Uber users worldwide were stolen along with the names and licence numbers of some 600,000 drivers, Uber chief Dara Khosrowshahi said.
This included records of nearly 82,000 drivers based in the UK.
The company hid the incident till 2017 and had paid hackers not to release the stolen data.
“We are changing the way we do business,” Mr Khosrowshahi had said after the company’s founder Travis Kalanick was forced out.
Following the 2016 incident, Uber was fined £385,000 by the UK Information Commissioner’s Office (ICO).
The ICO found the company guilty of a “serious breach” of UK data protection law and for showing “complete disregard” for customers and drivers whose data was stolen.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments