Illustration by Alex Castro / The Verge
Uber says itâs investigating a âcybersecurity incidentâ amidst reports that the companyâs internal systems have been breached. The alleged hacker, who claims to be an 18-year old, says they have administrator access to company tools including Amazon Web Services and Google Cloud Platform. The New York Times reports that the ride-hailing business has taken multiple internal systems, including Slack, offline while it investigates the breach.
When contacted for comment by The Verge, a spokesperson for the company declined to answer additional questions, and pointed to its statement on Twitter. âWe are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,â the statement reads.
Honestly kind of a classy way to hack someone @Uber pic.twitter.com/fFUA5xb3wv
â Colton (@ColtonSeal) September 16, 2022
The hacker appears to have made themselves known to Uberâs employees by posting a message on the companyâs internal Slack system. âI announce I am a hacker and Uber has suffered a data breach,â screenshots of the message circulating on Twitter read. The claimed hacker then listed confidential company information they said theyâd accessed, and posted a hashtag saying that Uber underpays its drivers.
The Slack message from the alleged hacker was so brazen that many Uber employees appear to have initially thought it was a joke, the Washington Post reports. Employee responses to the post included lighthearted emoji like sirens and popcorn, as well as the âitâs happeningâ GIF. One unnamed Uber employee told Yuga Labs security engineer Sam Curry that staff were interacting with the hacker thinking they were playing a joke.
âSorry to be a stick in the mud, but I think IT would appreciate less memes while they handle the breach,â one employeeâs response read, according to The Post.
Apparently there was an internal network share that contained powershell scripts…
“One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite” pic.twitter.com/FhszpxxUEW
â Corben Leo (@hacker_) September 16, 2022
The hacker claimed to the NYT to be 18 years old, and told The Post that they breached Uber for fun and is considering leaking the companyâs source code. In a conversation with cybersecurity researcher Corben Leo, they also claimed to have gained access to Uberâs systems through login credentials obtained from an employee via social engineering, which allowed them to access an internal company VPN. From there, they found PowerShell scripts on Uberâs intranet containing access management credentials that allowed them to allegedly breach Uberâs AWS and G Suite accounts.
âThis is a total compromise, from what it looks like,â Curry told the NYT. âIt seems like maybe theyâre this kid who got into Uber and doesnât know what to do with it, and is having the time of his life.â