Uber said it is responding to a cybersecurity incident, after a media report that its network was breached with the ride-hailing company taking several internal communications and engineering systems offline.
A hacker compromised an employee's workplace messaging Slack app and then used it to send a message to Uber employees announcing that it had suffered a data breach, according to a New York Times report citing an Uber spokesperson.
It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees, the report added.
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.— Uber Comms (@Uber_Comms) September 16, 2022
Uber's Slack system was taken offline on Thursday afternoon by Uber after employees received the message from the hacker, according to the Times report, citing two employees, who were not authorised to speak publicly.
"I announce I am a hacker and Uber has suffered a data breach," the message read, and went on to list several internal databases that were claimed to be compromised, the report added.
The staff at the company was instructed to not use Slack, which is owned by Salesforce, according to the report.
Other internal systems, too, were inaccessible.
Twitter users have posted what they claim are screenshots of the hacked systems, including Uber's Amazon Web Services instance, HackerOne administrative panel, and Slack workspaces.
Update: A Threat Actor claims to have completely compromised Uber - they have posted screenshots of their AWS instance, HackerOne administration panel, and more.— vx-underground (@vxunderground) September 16, 2022
They are openly taunting and mocking @Uber. pic.twitter.com/Q3PzzBLsQY
In October and November of 2016, Uber was hacked, impacting 57 million users and drivers worldwide.
The company was fined for the data breach several countries.