Uber's Computer Systems Just Got Hacked

Several engineering and internal communications systems at Uber have just been hacked and compromised. The ride-hailing giant has reported that they are looking into matters and investigating the breach.

The news of the hack was leaked by the hacker themselves when they sent pictures of Uber's code, cloud storage, and email repositories to a top news publication.

What Went Down

The employees at Uber were instructed to stop using Slack, a popular messaging and communications app for workplace collaboration. Just before Uber took down their Slack system, Uber’s staff received a Slack message that stated, "I announce I am a hacker, and Uber has suffered a data breach."

However, things did not end there. It turns out that the hacker was able to breach other internal communications systems as well. They later posted an explicit photograph of the staff on Uber's internal information page.

The ride-hailing company has recently stated that they have informed authorities and are working to investigate the breach. Currently, there are no indications that Uber's sensitive data, such as customer data, payment information, or fleet data, have been compromised or affected by the breach.

HackerOne Assistance

Like many tech companies and large businesses, Uber is subscribed to a bug bounty platform. They pay "bounty hunters" or ethical hackers on these platforms to find bugs and weak spots in their systems. In the case of Uber, they are subscribed to a California-based bug bounty platform called HackerOne.

One of the ethical hackers at HackerOne actually communicated with the hacker from Uber.

According to them, it appears that the Uber hacker was able to compromise plenty of internal systems. They also stated that several people from Uber's staff have mentioned that the company is locking things down internally to limit the hacker's access as much as possible.

However, there are no signs that the Uber hacker has caused any damage to internal systems, and it is likely that they only breached Uber's systems for publicity.

The chief hacking officer at HackerOne, Chris Evans (not the actor), stated that they have locked down Uber's data, are in touch with the security panel at Uber, and will provide continued assistance to the ride-hailing company for their investigation.

Who Is the Uber Hacker?

There is limited information on the Uber hacker's identity. However, they did mention that Uber drivers should get higher pay in the same Slack message that announced the hack to Uber's staff.

Moreover, the publication that the Uber hacker chose to leak the news to has reported that the culprit is an 18-year-old. They said that the teenager had been sharpening their hacking skills for many years and decided to breach Uber's internal systems simply because "they had weak security."

On the other hand, another popular news publication says that they have seen messages from an anonymous person who claims to have control of various Uber admin accounts.

What Does It All Mean?

In the cyber security industry, it is widely known that human error is the cause of a vast majority of breaches, and there is immense data to support this. The current Uber hack seems like another example of human error resulting in a breach that compromised multiple internal systems.

Sadly, someone within Uber's staff was likely duped by the hacker, and this resulted in their systems being breached and compromised. The scale of the hack and the hacker's public actions indicate that they were not just highly skilled but also highly motivated.

Recently, there has been a steep rise in the number of young, carefree hackers who have a ton of free time on their hands and all the necessary skills needed to sway even the most cautious employees. They take their time to convince a target to make the smallest of cyber security errors that ultimately result in disaster.

Cyber attacks on businesses have rapidly increased over the last few years, and this particular type of hacking through social engineering has become more intense than ever. Such breaches and hacks have been reported recently by many other tech companies, including giants such as Microsoft and Twitter.

Although social engineering is nothing new, it has been used to persuade people long before computers existed. Reports of people sweet-talking their way around staff members to exploit businesses have existed since at least the 60s.

It is likely that the practice has been around for much longer. However, what makes it more dangerous today is that cybercriminals are capable of integrating employee slip-ups with highly complex yet user-friendly software that makes hacking a piece of cake, even for teenagers.