Uber is investigating a breach of the corporate’s most delicate information—together with monetary paperwork, inner messages, and who is aware of what else—by somebody who instructed the New York Times they’re simply 18 years previous. The hacker posted screenshots of their alleged exploits on Telegram on Thursday and even introduced the hack in Uber’s inner Slack channels that night, main some staff to apparently assume it was a joke, based on the Washington Post.

The hacker allegedly compromised Uber’s methods by posing as somebody from the corporate’s IT workforce and getting an worker’s password by textual content message, based on the Times, which described the hack as a “total compromise” of Uber. Screenshots of the alleged hack posted to Telegram present entry to HackerOne, Amazon Web Services, vSphere, Google Workspace, and Uber financial data.

The hacker introduced themself on Thursday by posting a photograph of an erect penis on inner web sites with the message “FUCK YOU DUMB WANKERS,” based on Fortune journal, although it’s nonetheless not clear how lengthy the hacker might have had entry to Uber’s information. Just as a result of the hacker introduced themself on Thursday doesn’t imply they gained entry that day.

The hacker’s message in Uber’s inner Slack channel exhibits folks responding with emojis and makes clear why some staff should have thought it was a joke:

Hi @right here

I announce i’m a hacker and uber has suffered an information breach.

Slack has been stolen, confidential information with Confluence, stash and a couple of monorepos from phabricator have additionally been stolen, together with secrets and techniques from sneakers.

#uberunderpaisdrives

Obviously it’s fully doable the hacker or hackers aren’t truly simply an 18-year-old doing it for the lulz, and this might be the work of a authorities or organized legal group. But should you needed to appear to be an immature teen simply pranking an enormous firm, you’d positively vandalize inner web sites with a cock and say “fuck you dumb wankers.” That’s additionally what an genuine teen (presumably British) would say.

A spokesperson for Uber declined to touch upon particulars of the hack in a single day and would solely say that they have been “currently responding to a cybersecurity incident” they usually have been “in touch with law enforcement.” Uber stated it will present updates through its Uber Comms Twitter account, although that account hasn’t been up to date since 9:25 p.m. ET on Thursday.

Uber suffered a ransomware assault again in 2016, with the delicate data of 57 million customers compromised, together with driver’s license data, however the firm saved it a secret for greater than a yr. The firm paid $100,000 to the hackers and fired two executives after the incident.

If it does end up the hacker is a lone wolf not affiliated with any nation-state and simply 18 years previous, the hack would comply with in a long tradition of teen hackers who breached delicate areas simply because they might. But if it was actually that straightforward to social engineer a hack that opened up seemingly countless doorways into Uber’s again finish, you realize somebody who can revenue can be paying consideration for subsequent time. Because relating to hacking, there’s all the time a subsequent time. Get your shit collectively, Uber.