Uber investigates ‘cybersecurity incident’ after reporting breach

An Uber office is shown in Redondo Beach, California, U.S., March 16, 2022. REUTERS/Mike Blake

Join now for FREE unlimited access to Reuters.com

Sept 16 (Reuters) – Uber Technologies Inc (UBER.N) said it was investigating a cybersecurity incident after a report of a network breach that forced the company to shut down several communications and data systems. internal engineering.

On Friday, Uber said it had no evidence that the incident involved access to sensitive user data such as ride history and that internal software tools the company took after the hack came back into effect. line.

Uber began investigating the cybersecurity incident on Thursday.

Join now for FREE unlimited access to Reuters.com

A hacker compromised an employee’s account on workplace messaging app Slack and used it to send a message to Uber employees announcing that the company had suffered a data breach, according to a New York Times report on Thursday quoting an Uber spokesperson.

Cybersecurity has been an issue for Uber in the past. It suffered a major hack in 2016 that exposed the personal information of around 57 million of its customers and drivers. Read more

Shares of the ride-hailing company fell nearly 4% on Friday amid a broader decline in the U.S. market.

It emerged that the hacker had been able to access other internal systems, posting an explicit photo on an internal employee information page, the Times report added.

“We are in contact with law enforcement and will post additional updates here as they become available,” Uber said in a tweet, without providing further details.

The hacker claimed to have had access to information about security vulnerabilities produced by HackerOne for Uber. This confidential information could be used for other violations within the company.

HackerOne said it was “in close contact with Uber’s security team, has locked down its data and will continue to assist in its investigation,” according to Chris Evans, hacking manager at Uber. HackerOne.

Security researcher Bill Demirkapi said screenshots circulating online appeared to corroborate the hacker or that the hackers were bragging about having access to Uber’s internal systems.

“This story is still developing and these are extreme claims, but there appears to be supporting evidence,” he said in a post on Twitter.

According to the NYT report, Uber employees have been instructed not to use the desktop messaging app Slack, owned by Salesforce Inc.

“I am announcing that I am a hacker and that Uber has suffered a data breach,” the message reads, and goes on to list several internal databases that were allegedly compromised, the report adds.

One person took responsibility for the hack and told the newspaper he texted an Uber employee claiming to be a corporate IT worker.

The worker was persuaded to hand over a password that allowed the hacker to access Uber’s systems, according to the report.

Uber chief executive Dara Khosrowshahi, who took office a year after the 2016 hack, fired the then security director, who was later accused of trying to cover up the breach.

Join now for FREE unlimited access to Reuters.com

Reporting by Shubham Kalia, Maria Ponnezhath and Nivedita Balu in Bengaluru, Christopher Bing and Raphael Satter in Washington; edited by Uttaresh.V, Rashmi Aich, Saumyadeb Chakrabarty, Kirsten Donovan and Maju Samuel

Our standards: The Thomson Reuters Trust Principles.

Comments are closed.