“I announce i’m a hacker and uber has suffered a knowledge breach,” the message stated.
It was once adopted by way of a flurry of response emoji, together with a number of dozen appearing what looked to be a siren symbols. As a result of the hack, the folks stated, some techniques together with Slack and inner equipment have been briefly disabled.
Inside screenshots got by way of The Washington Submit confirmed the hacker claiming to have wide-ranging get entry to inside of Uber’s company networks and gave the impression to point out the hacker was once motivated by way of the corporate’s remedy of its drivers. The individual claimed to have taken information from commonplace tool utilized by Uber workers to write down new systems.
Uber pointed to its tweeted commentary when requested for remark at the subject. In an replace Friday, the corporate stated its investigation was once ongoing, and services and products akin to Uber and Uber Eats — and the corporate’s driving force app — have been operating. It stated the tool equipment that Uber disabled “as a precaution” have been coming again on-line.
“We haven’t any proof that the incident concerned get entry to to delicate person information (like go back and forth historical past),” the corporate wrote.
An inner outage file Thursday considered by way of The Submit stated riders and meals supply consumers were not able to request rides or position orders in places together with Atlanta, Ga. and Brisbane, Australia, despite the fact that it stated the problem was once later “mitigated.”
The New York Occasions first reported the breach.
Uber up to now suffered a breach in 2016 that revealed non-public knowledge of 57 million folks all over the world, together with names, electronic mail addresses and contact numbers. It additionally incorporated drivers license information from more or less 600,000 U.S. drivers. Two people accessed the tips by means of “a third-party cloud-based carrier” utilized by Uber on the time.
Uber, which is founded in San Francisco, employs hundreds of folks globally who could have been suffering from the hacker’s obstruction of techniques. The corporate has additionally come underneath fireplace for its remedy of drivers, who it has fought to stay as contractors.
The hacker posted as Uber on a talk serve as at HackerOne, which runs interference between researchers who’re reporting safety vulnerabilities and the corporations who’re suffering from them. Uber and different firms use that carrier to regulate studies of safety flaws in its systems and to praise researchers who to find them.
In that chat, which was once considered by way of The Submit, the alleged hacker claimed get entry to to Uber’s Amazon Internet Products and services account.
AWS didn’t instantly reply to a request for remark. (Amazon founder Jeff Bezos owns The Submit.)
In a next interview on a messaging app, the alleged hacker advised The Submit that that they had breached the corporate for a laugh and would possibly leak supply code “in a couple of months.”
The individual described Uber safety as “terrible.”
Uber workers have been stuck off guard by way of the surprising disruption to their workday, and a few first of all reacted to the alarming messages as though they have been a comic story, consistent with the screenshots.
The hacker’s ominous posts have been met with reactions it seems that depicting the SpongeBob personality Mr. Krabs, the preferred “It’s Taking place” GIF and queries as as to whether the placement was once a prank.
“Sorry to be a stick within the dust, however I believe IT would respect much less memes whilst they deal with the breach,” one message considered by way of The Submit stated.
