Uber Technologies, Inc. (NYSE: UBER) said on Friday that it is “currently responding to a cybersecurity incident” after it was reported that a hacker infiltrated the company’s internal network.
To add salt to the proverbial digital wound, the hacker–reportedly an 18-year old–himself announced the hack to Uber employees via compromising the Slack account of one of them to send the message.
“I announce I am a hacker and Uber has suffered a data breach,” the message read.
Furthermore, the hacker is openly discussing how they achieved the feat, as screenshots of the conversation with the attacker would suggest.
The attack seems to be straightforward: the hacker was able to get around an Uber employee’s login credentials after circumventing the company’s multi-factor authentication process. From there, the hacker continued to use the identity and existing VPM of that employee to pivot to the internal network. Fortunately for the hacker, the access leads to scripts with privileged credentials.
Through this, the hacker relayed that it allowed access to Uber’s Duo, OneLogin, AWS, and Gsuite networks.
Following the report on the hack, the ride-hailing platform immediately took its internal communications and engineering systems offline.
Uber last traded at US$31.23 on the NYSE.
Information for this briefing was found via CTV News and the sources mentioned. The author has no securities or affiliations related to this organization. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.