Uber has been hacked in what looks to be an attack on the company’s internal infrastructure.
After the New York Times reported that a cyberattack had infiltrated the company’s network and prompted it to take many internal communications and engineering systems offline, the California-based corporation said it was reacting to a “cybersecurity incident.” According to the article, the hacker claimed to be 18 years old.
Uber said that there are no problems with the company’s service, which is available in over 10,000 cities worldwide.
A hacker gained access to the employee workplace chat service Slack and used it to deliver an announcement to Uber employees about a data breach.
Sam Curry, a senior engineer at Yuga Labs, said the Uber hacker contacted him on the HackerOne network and showed him “very convincing” screenshots of complete administrative access to Uber’s cloud services.
The company has previously been hacked. Its former chief security officer, Joseph Sullivan, is on trial on charges that he arranged for hackers to be paid $100,000 in order to cover up a 2016 assault in which the personal information of around 57 million users and drivers was stolen.
According to the New York Times, the hacker appears to have gained access to other internal company networks, uploading an explicit photo on an internal information page for staff. The person who claimed responsibility for the hack stated that they got access through social engineering, which is a term for misleading an employee into allowing access.
The hacker sent a text message to an Uber employee posing as a business tech employee, convincing the worker to hand them a password that granted them access to the network. According to the report, the hacker, who provided a Telegram account address, stated that they hacked in because the company’s security was lax.