Uber says it’s investigating a “cybersecurity incident” amidst reports that the company’s internal systems have been breached. The alleged hacker, who claims to be an 18-year old, says they have administrator access to company tools including Amazon Web Services and Google Cloud Platform. The New York Times reports that the ride-hailing business has taken multiple internal systems, including Slack, offline while it investigates the breach.
When contacted for comment by The Verge, a spokesperson for the company declined to answer additional questions, and pointed to its statement on Twitter. “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” the statement reads.
Honestly kind of a classy way to hack someone @Uber pic.twitter.com/fFUA5xb3wv
— Colton (@ColtonSeal) September 16, 2022
The hacker appears to have made themselves known to Uber’s employees by posting a message on the company’s internal Slack system. “I announce I am a hacker and Uber has suffered a data breach,” screenshots of the message circulating on Twitter read. The claimed hacker then listed confidential company information they said they’d accessed, and posted a hashtag saying that Uber underpays its drivers.
The Slack message from the alleged hacker was so brazen that many Uber employees appear to have initially thought it was a joke, the Washington Post reports. Employee responses to the post included lighthearted emoji like sirens and popcorn, as well as the “it’s happening” GIF. One unnamed Uber employee told Yuga Labs security engineer Sam Curry that staff were interacting with the hacker thinking they were playing a joke.
“Sorry to be a stick in the mud, but I think IT would appreciate less memes while they handle the breach,” one employee’s response read, according to The Post.
Apparently there was an internal network share that contained powershell scripts…
“One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite” pic.twitter.com/FhszpxxUEW
— Corben Leo (@hacker_) September 16, 2022
The hacker claimed to the NYT to be 18 years old, and told The Post that they breached Uber for fun and is considering leaking the company’s source code. In a conversation with cybersecurity researcher Corben Leo, they also claimed to have gained access to Uber’s systems through login credentials obtained from an employee via social engineering, which allowed them to access an internal company VPN. From there, they found PowerShell scripts on Uber’s intranet containing access management credentials that allowed them to allegedly breach Uber’s AWS and G Suite accounts.
“This is a total compromise, from what it looks like,” Curry told the NYT. “It seems like maybe they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life.”