Uber has confirmed the breach through a tweet.
Breach of Uber Systems by Hackers:
On Thursday, the Uber systems came under attack by hackers. The hackers were able to breach the Uber computers. The company representatives are saying that the attack is under investigation by cyber experts. In the meantime, all the systems have been shut down.
An 18-year-old hacker has taken responsibility for the attack. He has sent the screenshots of the e-mails, cloud storage, and source codes to the cybersecurity experts as proof.
Sam Curry, who is working with Yuga Labs and had interaction with the hacker, said that the hackers almost gained full access to the database of Uber, and most of the systems got compromised.
Uber has now issued instructions for its employees not to use the internal messaging system for communication and Slack application.
Warning by the Hacker:
Before the Slack system was shut down, the employees received messages from hacker. The message read, “I announce I am a hacker and Uber has suffered a data breach. Slack has been stolen…” The hacker used an employee’s Slack account to broadcast this warning.
As per the reports, the hacker used social engineering technique to gain access to Slack. He impersonated as a technical person and contacted an employee of Uber. Somehow, he persuaded the employee to share his Slack password. The moment the employee gave his password, the hacker used the employee’s Slack credentials to log in and posted the warning message to all.
In the warning message, the hacker also mentioned that Uber must pay higher wages to its drivers.
Previous Cyber-Attack on Uber:
This is the second time Uber has come under a hacking attack. In 2016, hackers breached the Uber systems and were able to gain access to its database containing data of 57 million drivers and riders and made a copy of it. They demanded a huge amount of $100,000 to remove the copy they had made.
In response, Uber company paid the amount to the hackers but did not disclose the details till one year. The company also fired its security executive Joe Sullivan. He is currently facing charges for hiding the attack from the cyber security regulators and is on trial in the case.