Uber is investigating a breach of the company’s most sensitive data, including financial documents, internal messages and who knows what else, by someone who told the New York Times they were only 18 years old. The hacker posted screenshots of their alleged exploits on Telegram on Thursday and even announced the hack on Uber’s internal Slack channels that night, apparently leading some employees to think it was a joke, according to the Washington Post.
The hacker allegedly compromised Uber’s systems by posing as someone from the company’s IT team and getting an employee’s password via text message, according to the Times, which described the hack as a “total compromise” of Uber. Screenshots of the alleged hack posted to Telegram show access to HackerOne, Amazon Web Services, vSphere, Google Workspace and Uber financial data.
The hacker announced himself Thursday by posting a photo of an erect penis on internal websites with the message “FUCK YOU DUMB WANKERS,” according to Fortune magazine, although it’s still not clear how long the hacker had access to Uber’s data. The fact that the hacker announced himself on Thursday does not mean that he gained access that day.
The hacker’s post in Uber’s internal Slack channel shows people responding with emojis, which makes it clear why some employees must have thought it was a joke:
I announce that I am a hacker and that uber has suffered a data breach.
Slack is stolen, confidential data containing Confluence, stash and 2 monorepos of phabricator are also stolen, along with secrets from sneakers.
It is, of course, entirely possible that the hacker or hackers are not just some 18-year-old doing it for the lulz, and this could be the work of a government or an organized criminal group. But if you wanted to look like an immature teen trolling a big company, you’d definitely deface internal websites with a dick and say “fuck you dumb wankers.” That’s also what an authentic teenager (presumably British) would say.
An Uber spokesperson declined to comment on details of the hack overnight, saying only that they were “currently responding to a cybersecurity incident” and that they were “in contact with law enforcement.” Uber said it would provide updates through its Uber Comms Twitter account, although that account has not been updated since 9:25 PM ET on Thursday.
Uber suffered a ransomware attack in 2016 that affected the sensitive information of 57 million users, including driver’s license data, but the company kept it a secret for over a year. The company paid $100,000 to the hackers and fired two executives after the incident.
If the hacker turns out to be a lone wolf who is not affiliated with any nation state and is only 18 years old, the hack would follow in a long tradition of teenage hackers who broke into sensitive areas simply because they could. But if it really was that easy to social engineer a hack that opened seemingly endless back doors into Uber, then you know that someone who can take advantage will be paying attention next time. Because when it comes to hacking, there is always a next time. Brace yourself, Uber.