The computer network of Uber has been hacked.
The ride-hailing company stated that it was conducting an investigation after several internal communications and engineering systems were compromised. The breach was first reported by the New York Times after the hacker sent the newspaper images of email, cloud storage, and code repositories.
According to the report, two Uber employees were told not to use the workplace messaging app Slack.
Uber employees received a message that read: “I announce I am a hacker and Uber has suffered a data breach” shortly before the Slack system was taken offline.
The hacker appeared to have later gained access to other internal systems, posting an explicit photo on an internal information page for employees.
Uber stated that it was in contact with authorities regarding the breach. There is no evidence that the hack affected Uber’s fleet of vehicles, customers, or payment data.
Uber contributes to HackerOne, a bug bounty platform based in California. Many large corporations use bug bounty programs, which essentially pay ethical hackers to find bugs.
Sam Curry, one of the bug bounty hunters, communicated with the Uber hacker. “It seems like they’ve compromised a lot of stuff,” he said.
Curry stated that he spoke with several Uber employees, who stated that they were “working to lock down everything internally” to prevent the hacker from gaining access.
He stated that there was no evidence that the hacker had caused any harm or was interested in anything other than publicity.
“We’re in close contact with Uber’s security team, have locked down their data, and will continue to assist with their investigation,” said Chris Evans, chief hacking officer for HackerOne.
According to the New York Times, the hacker is 18 years old, has been practicing cyber-security for several years, and hacked the Uber systems because “they had weak security.”
The person who announced the breach on Slack also stated that Uber drivers should be paid more.
(Adapted from BBC.com)