Uber investigating ‘cybersecurity incident’ after report of breach

An Uber workplace is proven in Redondo Seashore, California, U.S., March 16, 2022. REUTERS/Mike Blake

Sept 16 (Reuters) – Uber Applied sciences Inc (UBER.N) mentioned on Thursday it was investigating a cybersecurity incident, after a report that its community was breached, forcing the corporate to close a number of inside communications and engineering techniques.

A hacker compromised an worker’s account on office messaging app Slack and used it to ship a message to Uber staff asserting that the corporate had suffered a knowledge breach, in keeping with a New York Instances report on Thursday that cited an Uber spokesperson.

Cybersecurity has been a difficulty for Uber up to now. It suffered a big hack in 2016 that uncovered the private info of about 57 million of its clients and drivers. learn extra

Shares of the ride-hailing agency had been down practically 5% on Friday, amid broader U.S. market declines.

It appeared the hacker was capable of achieve entry to different inside techniques, posting an express picture on an inside info web page for workers, the Instances report added.

“We’re in contact with regulation enforcement and can submit extra updates right here as they grow to be accessible,” Uber mentioned in a tweet, with out offering additional particulars.

The hacker has claimed they’ve gained entry to safety vulnerability info produced by HackerOne for Uber. Such confidential info may very well be used for additional breaches on the firm.

HackerOne mentioned they’re “in shut contact with Uber’s safety workforce, have locked their information down, and can proceed to help with their investigation,” in keeping with Chris Evans, HackerOne’s Chief Hacking Officer.

Safety researcher Invoice Demirkapi mentioned screenshots circulating on-line did appear to corroborate the hacker or hackers’ boasts that that they had entry to Uber’s inside techniques.

“This story remains to be creating and these are some excessive claims, however there does look like proof to assist it,” he mentioned in a message posted to Twitter.

Uber staff had been instructed to not use Slack, which is owned by Salesforce Inc , in keeping with the report. Different inside techniques had been inaccessible too.

Slack mentioned in a press release to Reuters that the corporate was investigating the incident and there was no proof of a vulnerability inherent to its platform.

“I announce I’m a hacker and Uber has suffered a knowledge breach,” the message learn, and went on to checklist a number of inside databases that had been allegedly compromised, the report added.

An individual assumed duty for the hack and informed the paper he had despatched a textual content message to an Uber worker claiming to be a company IT individual.

The employee was persuaded handy over a password that allowed the hacker to achieve entry to Uber’s techniques, the report mentioned.

Uber Chief Government Officer Dara Khosrowshahi, who took cost a yr after the 2016 hack, fired the then chief safety officer, who was later charged with making an attempt to cowl up the breach.

A U.S. choose final month dismissed the three wire fraud expenses towards Joseph Sullivan though he nonetheless faces two expenses of obstructing a U.S. Federal Commerce Fee continuing and failing to report a felony.

Reporting by Shubham Kalia, Maria Ponnezhath and Nivedita Balu in Bengaluru, Christopher Bing and Raphael Satter in Washington; modifying by Uttaresh.V, Rashmi Aich, Saumyadeb Chakrabarty, Kirsten Donovan

: .