91原创

Skip to content
Join our Newsletter

Hacker claims to breach Uber, security researcher says

Uber said Thursday that it reached out to law enforcement after a hacker apparently breached its network. A security engineer said the intruder provided evidence of obtaining access to crucial systems at the ride-hailing service.
2022091602094-632412590e4c200aa5918fb7jpeg
FILE - An Uber sign is displayed at the company's headquarters in San Francisco, Monday, Sept. 12, 2022. Uber said Thursday, Sept. 15, that it reached out to law enforcement after a hacker apparently breached its network. A security engineer said the intruder provided evidence of obtaining access to crucial systems at the ride-hailing service. (AP Photo/Jeff Chiu, File)

Uber said Thursday that it reached out to law enforcement after a hacker apparently breached its network. A security engineer said the intruder provided evidence of obtaining access to crucial systems at the ride-hailing service.

There was no indication that Uber鈥檚 fleet of vehicles or its operation was in any way affected.

鈥淚t seems like they鈥檝e compromised a lot of stuff,鈥 said Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That includes complete access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.

Curry said he spoke to several Uber employees who said they were 鈥渨orking to lock down everything internally鈥 to restrict the hacker鈥檚 access. That included the San Francisco company鈥檚 Slack internal messaging network, he said.

He said there was no indication that the hacker had done any damage or was interested in anything more than publicity. 鈥淢y gut feeling is that it seems like they are out to get as much attention as possible.鈥

The hacker had alerted Curry and other security researchers to the intrusion on Thursday evening by using an internal Uber account to comment on vulnerabilities they had previously identified on the company鈥檚 network which pays ethical hackers to ferret out network weaknesses.

The hacker provided a Telegram account address and Curry and other researchers then engaged them in a separate conversation, sharing screenshots of various pages from Uber鈥檚 cloud providers to prove they broke in.

The Associated Press attempted to contact the hacker at the Telegram account where Curry and the other researchers chatted with them. But no one responded.

The New York Times reported that the person who claimed responsibility for the hack said they gained access through social engineering: They sent a text message to an Uber worker claiming to be a company tech employee and persuaded the worker to hand over a password that gave them access to the network.

The Times said the hacker reported being 18 years old and saying they broke in because the company had weak security.

One screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user through social engineering.

Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Teenagers used a similar ploy in 2020 to hack Twitter

Uber said via email that it was 鈥渃urrently responding to a cybersecurity incident. We are in touch with law enforcement.鈥 It said it would provide updates on its

The company has been hacked before.

Its former chief security officer, Joseph Sullivan, is on allegations he arranged to pay hackers $100,000 to cover up a 2016 high-tech heist in which the personal information of about 57 million customers and drivers was stolen.

Frank Bajak, The Associated Press