Uber is investigating a data breach purportedly committed by an eighteen-year-old hacker on Thursday, September 15, taking several of its systems offline while it investigates the extent of the breach.
According to The New York Times, a person communicated to Uber employees, cybersecurity researchers and The New York Times itself, claiming responsibility and that he was eighteen, had been studying cybersecurity for a few years and had hacked Uber because he knew their cybersecurity was weak.
He also sent the news organization and the researchers images of Uber’s source code and other proof that he was behind the breach.
“They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs during an interview with The New York Times. He was one of the people the hacker had chosen to communicate with during the breach. “This is a total compromise, from what it looks like.”
Uber is now contacting law enforcement and doing an internal investigation. Even the company’s internal messaging service, Slack, had been breached, the hacker having compromised an employee’s account and announcing the company had been hacked. He also posted an explicit photo on the internal information page.
In fact, the hacker even explained to the news outlet how he’d been able to get access to Uber’s systems, texting an employee posing as a corporate IT person, retrieving their password that allowed him to gain access to Uber’s systems.
“It seems like maybe they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life,” continued Curry.
As of right now, there is no information on whether the breach impacted driver or rider accounts, though it is possible. Back in 2016, hackers stole information from 57 million Uber accounts and demanded $100,000 to delete the stolen data. Uber paid them, but didn’t inform users for over a year.
For the latest travel news, updates and deals, be sure to subscribe to the daily TravelPulse newsletter.