Uber was hacked, and it needed to take its inside messaging service and engineering methods offline to research the incident, in keeping with The New York Times. Sources who talked to the publication stated workers had been instructed to not go on Slack, the place the unhealthy actor had posted a message that learn “I announce I am a hacker and Uber has suffered a data breach” (together with a bunch of emoji) earlier than it was pulled offline. In a tweet confirming the breach, the corporate stated that it is at present responding to a cybersecurity incident and that it is now in contact with regulation enforcement.
We are at present responding to a cybersecurity incident. We are in contact with regulation enforcement and can publish further updates right here as they develop into obtainable.
— Uber Comms (@Uber_Comms) September 16, 2022
The firm did not say what precisely the hacker was in a position to entry and if consumer information was compromised. The Times says the hacker’s Slack message additionally listed databases they declare they had been in a position to infiltrate, although. And based mostly on screenshots seen by The Washington Post, the unhealthy actor boasted about with the ability to collect inside code and messaging information. An Uber spokesperson defined that the unhealthy actor was in a position to publish on the corporate Slack after compromising a employee’s account. They then gained entry to Uber’s different inside methods and posted an specific picture on an inside web page.
Bug bounty hunter and safety researcher Sam Curry tweeted data reportedly from an Uber worker that may very well be about that specific picture:
From an Uber worker:
Feel free to share however please don’t credit score me: at Uber, we bought an “URGENT” electronic mail from IT safety saying to cease utilizing Slack. Now anytime I request a web site, I’m taken to a REDACTED web page with a pornographic picture and the message “F*** you wankers.”
— Sam Curry (@samwcyo) September 16, 2022
Uber admitting the incident and getting in contact with authorities shortly after it occurred is a large departure from the way it dealt with the information breach it suffered again in 2016. The firm hid that assault for a yr and as a substitute of reporting the incident, it paid the hackers $100,000 to delete the data they stole. Former Uber safety chief Joseph Sullivan was fired and ultimately charged with obstruction of justice for the function he performed within the coverup, although his attorneys argued that he was used as a scapegoat. Uber settled with the Justice Department for failing to reveal the breach in July this yr.
All merchandise really helpful by Engadget are chosen by our editorial group, impartial of our mum or dad firm. Some of our tales embrace affiliate hyperlinks. If you purchase one thing by one in all these hyperlinks, we might earn an affiliate fee. All costs are right on the time of publishing.
#Uber #investigating #cybersecurity #incident #Engadget