Uber Technologies Inc. shuts down its internal Slack messaging amid the investigation related to the cybersecurity attack by a hacker who allegedly claimed to have accessed sensitive company information.
According to one person familiar with the matter, employees of Uber had left stunned when they received a Slack message on Thursday from an unknown individual claiming that “I am a hacker.” The perpetrator claimed to have gained access to all internal databases and an employee’s account.
According to the New York Times, the cyberattacker was an 18 year old who infiltrated a number of internal systems and released snapshots of emails as well as code repositories on the internet to support his claims.
Sam Curry, a Yuga Labs’ researcher, stated that the hacker or hackers had access to Uber’s cloud infrastructure hosted on Amazon and Google. He also claimed to have been in touch with the attacker.
The criticality of the situation can be well understood from the fact that hackers also gained access to the HackerOne system, which allows Uber to offer a bug bounty program, in which ethical hackers are rewarded for reporting vulnerabilities.
This is extremely concerning for Uber considering the depth of the hacking. Almost everything related to their business and code are out in the open for people.
Curry has revealed that almost everything is compromised.
Experts are suspecting that by gaining access to all HackerOne’s reports allowed hackers to make use of all identified vulnerabilities to gain access.
After the sensitive information went viral on social media and internet, Uber was left with no other option but to confirm the breach, but declined to provide more details.
According to Uber’s Twitter account, the company has contacted law enforcement and frozen all Slack communications as it investigates the claims of the hacker and understands the depth of the damages.
The incident, however, has no impact on the services provided to its customers. People claimed that Uber’s ride-hailing services and food delivery services were operating as normal around the globe.
Sensing the complexity of the situation, HackerOne was quick to react and assured all of its customers for the safety of their data and information.
HackerOne is there for its customers. We’re in close touch with Uber’s security staff, have locked down their data, and will continue with their investigation,” Chris Evans, chief hacking officer of HackerOne, said.
This is not the first time when Uber came on the radar of hackers. Uber paid $148 million to settle claims relating to a large-scale data leak that exposed personal information of more than 25 million US users in 2016.