“I announce I am a hacker and Uber has suffered a data breach,” the message read, and went on to list several internal databases that were claimed to be compromised, the report added.
Loading
A person, claiming responsibility for the hack, told the paper that he had sent a text message to an Uber employee claiming to be a corporate IT person.
The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, the report said.
The hacker had alerted Curry and other security researchers to the intrusion on Thursday evening by using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network through its bug-bounty program, which pays ethical hackers to ferret out network weaknesses.
The hacker provided a Telegram account address and Curry and other researchers then engaged them in a separate conversation, sharing screenshots of various pages from Uber’s cloud providers to prove they broke in.
Loading
One screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user through social engineering.
Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Teenagers used a similar ploy in 2020 to hack Twitter
Slack said in a statement to Reuters that the company was investigating the incident and that there was no evidence of a vulnerability inherent to its platform.
“Uber is a valued customer, and we are here to help them if they need us,” Slack, which is owned by Salesforce Inc, said in the statement.
Uber employees were instructed to not use Slack, according to the report. Other internal systems, too, were inaccessible.
Uber has been hacked before. Its former chief security officer, Joseph Sullivan, is currently on trial on allegations he arranged to pay hackers $100,000 to cover up a 2016 high-tech heist in which the personal information of about 57 million customers and drivers was stolen.
Reuters, AP
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.