Uber suffers computer system breach | Technology

SAN FRANCISCO — Uber’s computer systems were hacked and the company alerted authorities, the ride-sharing giant said Thursday.

The ride-sharing company said in a tweet that it was “responding to a cybersecurity incident.”

The hacker surfaced in a message posted to Slack, according to two people familiar with the matter, who spoke on condition of anonymity due to the sensitive nature of the incident.

“I am announcing that I am a hacker and that uber has suffered a data breach,” the post read.

It was followed by a flurry of reaction emoji, including several dozen showing what appeared to be mermaid symbols. Because of the hack, the people said, some systems, including Slack and internal tools, were temporarily disabled.

Internal screenshots obtained by The Washington Post showed the hacker claiming to have broad access to Uber’s corporate networks and appeared to indicate the hacker was motivated by the company’s treatment of its drivers. The person claimed to have taken data from common software used by Uber employees to write new programs.

Uber underlined its tweeted statement when asked to comment on the matter. The company did not immediately respond to questions about the extent to which inside information might have been compromised.

The New York Times first reported the incident.

Uber previously suffered a breach in 2016 that exposed the personal information of 57 million people worldwide, including names, email addresses and phone numbers. It also included driver’s license information for approximately 600,000 US drivers. Two people accessed the information through “a third-party cloud service” used by Uber at the time.

Uber, which is based in San Francisco, employs thousands of people worldwide who may have been affected by the hacker’s obstruction of systems. The company has also been criticized for its treatment of drivers, whom it has fought to keep as contractors.

The hacker posted as Uber on a chat feature on HackerOne, which handles interference between researchers reporting security vulnerabilities and companies affected by them. Uber and other companies use this service to manage reports of security vulnerabilities in its programs and to reward researchers who find them.

In that conversation, which was seen by The Post, the alleged hacker claimed access to Uber’s Amazon Web Services account.

AWS did not immediately respond to a request for comment. (Amazon founder Jeff Bezos owns The Post.)

In a later interview on a messaging app, the suspected hacker told the Post that he breached the company for fun and could leak the source code “in a few months.”

The person described Uber’s security as “awful”.

Uber employees were caught off guard by the sudden disruption to their workday, and some initially reacted to the alarming messages as if it were a joke, according to screenshots.

The hacker’s disturbing posts prompted reactions apparently depicting the SpongeBob character Mr. Krabs, the popular “It’s Happening” GIF, and questions about whether the situation was a prank.

“Sorry to be a stick in the mud, but I think IT would appreciate less memes while they deal with the breach,” said a message seen by The Post.

Gordon K. Morehouse