Uber says it is investigating a “cybersecurity incidentamid reports that the company’s internal systems have been breached. The alleged hacker, who claims to be an 18-year-old, says he has administrative access to company tools, including Amazon Web Services and Google Cloud Platform. The New York Times reports that the ride-hailing company has taken multiple internal systems, including Slack, offline while investigating the breach.
When contacted for comment by The edge, a company spokesperson declined to answer additional questions, pointing to his statement on Twitter. “We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post additional updates here as they become available.” statement reads.
— Colton (@ColtonSeal) September 16, 2022
The hacker appears to have made himself known to Uber employees by posting a message on the company’s internal Slack system. “I announce that I am a hacker and that Uber has suffered a data breach,” screenshots of the message circulating on Twitter. The alleged hacker then listed confidential company information that he said he had access to, and posted a hashtag stating that Uber is underpaying its drivers.
The alleged hacker’s Slack message was so cheeky that many Uber employees initially thought it was a joke, the Washington Post reports. Employees’ reactions to the post included lighthearted emoji such as sirens and popcorn, as well as the “it’s happening” GIF. An unnamed Uber employee told Yuga Labs security engineer Sam Curry that the staff interacted with the hacker and thought they were playing a prank.
“Sorry to be a stick in the mud, but I think IT would appreciate less memes while they deal with the breach,” said one employee, according to a comment. The mail.
Apparently there was an internal network share that contained powershell scripts…
“One of the powershell scripts contained the username and password for an admin user in Thycotic (PAM) This allowed me to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite” pic.twitter.com/FhszpxxUEW
— Corben Leo (@hacker_) September 16, 2022
The hacker claimed that the NYT be 18 years old, and told The mail that they violated Uber for fun and are considering leaking the company’s source code. In a conversation with cybersecurity researcher Corben Leo, they also claimed to have accessed Uber’s systems through credentials obtained from an employee through social engineering, giving them access to an internal VPN of the company. From there, they found PowerShell scripts on Uber’s intranet with access control credentials that allegedly allowed them to breach Uber’s AWS and G Suite accounts.
“This is a total compromise of how it looks,” Curry told the… NYT. “Looks like they might be this guy who joined Uber and doesn’t know what to do with it, and is having the time of his life.”