Uber confirmed it is investigating a “cybersecurity incident” that a teen hacker apparently caused. A few days ago, The New York Times reported that Uber shut down some internal systems to investigate the data breach.
Everything started from a message on the company’s Slack channel, saying, “I announce I am a hacker and Uber has suffered a data breach,” A screenshot of this message soon found its way to Twitter and created a big controversy for the company. In that Slack message, the hackers claimed they had stolen confidential information. They also posted a hashtag to address Uber’s underpayment to its drivers.
The interesting thing about this incident is Uber employees first thought it was a joke and didn’t take it seriously. Some employees even reacted to the post with sirens and popcorn emojis. According to Yuga Labs security engineer Sam Curry, employees were even interacting with the hacker, thinking one of their colleagues was joking with them.
“This is a total compromise, from what it looks like,” Curry told the NYT. “It seems like maybe they’re this kid who got into Uber and didn’t know what to do with it and is having the time of his life.”
Uber is now investigating the incident
Putting jokes aside, the ride-hailing company is suffering from a serious data breach, and the hackers reportedly took access to their Amazon Web Services and Google Cloud Platform. “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” Uber said in its Twitter post.
According to NYT, the hackers said to be 18 years old, and have done this for fun. The hackers also said they would like to leak Uber’s source code. They also told cybersecurity researcher Corben Leo that they used social engineering to gain login credentials from an employee. Then, they could access an internal company VPN and PowerShell scripts to break into AWS and G Suite accounts.