An unknown person has allegedly obtained access data from an Uber employee and now has access to all of the US company’s internal systems.
The US ride-hailing service Uber has allegedly been hacked, and a security researcher told the New York Times that the company was “completely compromised.” The stranger has documented with screenshots that he has access to many of the US company’s internal systems, such as emails, cloud storage, and source code repositories. Employees have been instructed to avoid internal communication channels, and some software is no longer accessible. The company has assured that it is working to clarify the matter and that law enforcement authorities will be informed.
“The Time of His Life”
According to the New York Times, an 18-year-old has now come forward and known about the crime. Uber took inadequate security precautions and got access to data via social engineering. In a message sent internally by Uber, he not only acknowledged the hack but also demanded higher pay for Uber drivers. A security researcher from Yuga Labs is therefore in contact with the hacker and says he has “virtually unlimited access”: “They are totally compromised.” At the same time, it seems to him that a child could break into Uber and now doesn’t know what to do with it other than having “the time of his life”.
For Uber, it is not the first time that data has been made accessible to unauthorized persons on a large scale: five years ago it became known that data from around 50 million passengers had been stolen 2016. Uber had kept quiet about the incident for a year. The group was then criticized again when it became known that the responsible hacker had received 100,000 US dollars from the bug bounty program, which was not intended for this purpose, in exchange for deleting the data. As a result, the company’s security chief at the time was dismissed and had to face charges of “covering up a crime” in court.