SAN FRANCISCO – Uber’s computer systems were breached and the company has alerted authorities, the ride-hailing giant said Thursday.
The transport company said in a tweet that it was “responding to a cyber security incident”.
The hacker appeared in a message posted on Slack, according to two people familiar with the matter, who spoke on condition of anonymity because of the sensitive nature of the incident.
“I am announcing that I am a hacker and Uber has suffered a data breach,” the message read.
It was followed by a flurry of reaction emojis, including several dozen showing what appeared to be mermaid symbols. Because of the hack, the people said, some systems, including Slack and internal tools, were temporarily disabled.
Internal screenshots obtained by The Washington Post showed that the hacker claimed to have broad access to Uber’s corporate networks and appeared to indicate that the hacker was motivated by the company’s treatment of its drivers. The person claimed to have taken data from common software used by Uber employees to write new programs.
Uber pointed to its tweeted statement when asked for comment on the matter. The company did not immediately respond to questions about the extent to which internal information may have been compromised.
Uber waits a year to report massive hack of customer data
The New York Times first reported the incident.
Uber previously suffered a breach in 2016 that exposed personal information of 57 million people worldwide, including names, email addresses and phone numbers. It also included driver’s license information for approximately 600,000 US drivers. Two people accessed the information through “a third-party cloud-based service” used by Uber at the time.
San Francisco-based Uber employs thousands of people around the world who may have been affected by the hacker’s clogging of systems. The company has also come under fire for its treatment of drivers, who it has fought to keep as contractors.
The hacker posted as Uber in a chat feature on HackerOne, which mediates between researchers who report security vulnerabilities and the companies affected by them. Uber and other companies use this service to manage reports of security flaws in their programs and to reward researchers who find them.
In that chat, which was seen by The Post, the alleged hacker claimed access to Uber’s Amazon Web Services account.
What to do if you are hacked
AWS did not immediately respond to a request for comment. (Amazon founder Jeff Bezos owns The Post.)
In a subsequent interview with a messaging app, the alleged hacker told The Post that they had breached the company for fun and could leak the source code “within a few months.”
The person described Uber’s security as “horrible.”
Peiter “Mudge” Zatko’s journey from hacker to Twitter whistleblower
Uber employees were caught off guard by the sudden disruption to their workday, with some initially reacting to the alarming messages as if they were a joke, according to screenshots.
The hacker’s ominous posts received reactions apparently depicting the SpongeBob character Mr. Krabs, the popular “It’s Happening” GIF, and questions about whether the situation was a prank.
“Sorry to be a stick in the mud, but I think I would appreciate fewer memes while they deal with the breach,” said one message seen by The Post.