Uber is talking to law enforcement after a hacker reportedly breached its internal network, including its Slack server, technology systems, Amazon Web Services, Google clouds, and VMware systems.
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” Uber tweeted.
The compromise surfaced on Thursday (Sept. 14) when Uber employees got a Slack message that read, “I announce I am a hacker and Uber has suffered a data breach,” The New York Times reported.
A lone hacker claiming responsibility for the breach told The New York Times he was 18 years old and decided to compromise Uber because the company had weak security. The attacker said he texted an Uber employee under the guise of being from corporate IT.
Per reports, the hacker then persuaded the employee to reveal a password that gave the hacker access to Uber’s systems, an increasingly common attack technique known as social engineering.
Identified by the Telegram handle Tea Pot, the hacker also reportedly gained control of Uber’s account on HackerOne, the bug bounty platform security researchers use to report vulnerabilities, the Wall Street Journal reported.
The incident is a major compromise for Uber, assuming all of the hacker’s claims are true, cybersecurity consultant Robert Graham told the WSJ.
“It’s all of their IT information. And because they’re an IT company, it’s everything,” he said.
Uber was also compromised in 2016 when hackers stole the data of 57 million driver and rider accounts and then approached Uber and demanded $100,000 to delete their copy of the information. Uber arranged the payment but kept the breach a secret for more than a year.
In response to the incident, Uber fired security chief Joe Sullivan, who allegedly arranged the payment. Sullivan is now on trial in the U.S. District Court in San Francisco, facing criminal obstruction charges for his role in paying the hackers.