Uber confirms it is investigating cybersecurity incident

Uber confirmed on Thursday it was responding to a cybersecurity incident following reports the company had taken several internal communications and engineering systems offline after staff had been contacted by a hacker.

A person claiming to have broken into the ride-hailing company’s network contacted The New York Times with evidence of the breach, including “images of email, cloud storage and code repositories”.

They also contacted several security researchers claiming to have obtained log-in credentials for some of the company’s most sensitive business accounts.

Apparently there was an internal network share that contained powershell scripts...

"One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite" pic.twitter.com/FhszpxxUEW

— Corben Leo (@hacker_) September 16, 2022

Following the New York Times report the company tweeted: “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”

The hacker said they compromised an Uber employee’s Slack account and used it to send a message to staff stating “I announce I am a hacker and Uber has suffered a data breach” before listing several internal databases they claimed to have accessed.

The hacker told The New York Times they had been able to take control of a staff member’s account through social engineering. The hacker also said he was male and 18 years old and “had broken into Uber’s systems because the company had weak security”.

Among his other activities on Uber’s networks was posting what was described as a pornographic an internal information page for employees, alongside the message: “Fuck you wankers.”

Security researcher Sam Curry tweeted that the hacker had also accessed vulnerability reports filed on Uber to HackerOne and had commented beneath several of them.

Someone hacked an Uber employees HackerOne account and is commenting on all of the tickets. They likely have access to all of the Uber HackerOne reports. pic.twitter.com/00j8V3kcoE

— Sam Curry (@samwcyo) September 16, 2022

Curry said the hacker “likely [has] access to all of the Uber HackerOne reports” which could include known vulnerabilities that have not yet been fixed. The bug bounty account for Uber is now closed.

It is not the first time that hackers have managed to break into Uber’s network. 

The company announced in 2017 that it had terminated the employment of its security chief Joseph Sullivan after it emerged that he had paid hackers $100,000 to delete customer data they had stolen a year earlier.

Uber subsequently paid $148 million to the U.S. Federal Trade Commission for concealing the breach in a settlement regarding claims against the company launched by all 50 U.S. States.

The company also paid smaller fines to data protection regulators in the UK and The Netherlands.

Sullivan was subsequently charged by the U.S. Department of Justice for the attempted cover-up with obstruction of justice, misprision of a felony, and three counts of wire fraud.

His trial is currently being heard by the U.S. District Court in San Francisco.