Were Uber's databases hacked?

The company is investigating

A serious data security incident occurred over the weekend at Uber, when a hacker gained access to the company's internal systems, including email, cloud services and code repositories.

The company hastened to issue a reassuring message

Lilian dialect

09/18/2022

Sunday, September 18, 2022, 12:00 Updated: 12:08

• Share on Facebook

• Share on WhatsApp

• Share on Twitter

• Share by email

• Share in general

• Comments

  Comments

Uber (Photo: GettyImages)

The ride-hailing company Uber discovered that its internal data systems were hacked last Thursday, which led the company to take down some of them, and investigate the extent of the breach.

The hacker who claimed responsibility for the breach sent screenshots of email systems, cloud storage and code repositories to security researchers and the New York Times.

"The person had full access to Uber," Sam Curry, a security researcher at Yoga Labs, told the New York Times.

"It looks like a complete loophole."

A spokesperson for Uber responded, saying that the company is investigating the breach and has contacted law enforcement.

The hacker in question also went above and beyond, sending an email to the company's own employees, informing them that their employer had been hacked.

"It looks like a complete loophole."

Uber (Photo: GettyImages)

The source of the hack is apparently the "Slack" account of the company's employee that was hacked (apparently after the hacker convinced its owner to give him the access password with the help of social engineering through SMS phishing), and from there the hacker already gained access to other systems in the company.

In a media update issued by Uber on Friday, it was stated that the investigation is still ongoing, but it does not appear that access to sensitive user information (such as travel history) was gained, all company services, including Uber Eats and others, are operating as normal, and the systems that the company shut down as a precaution are also back in operation.

It is worth mentioning that this is not Uber's first data security incident.

In 2016, the company suffered a large-scale breach of the personal data of the 57 million users and drivers who work on its service, and tried to hide it.

Following the attempted cover-up, the company reached a settlement with the US Department of Justice and a series of state prosecutors in the United States, to avoid filing criminal charges against it.

More in Walla!

The solution to knee pain is closer than ever - thanks to technology in the shoe

Submitted by Apostrophe

• technology

• privacy and security

Tags

• Uber

• UBER