Uber computer systems breached by ‘teen’ in major security alert

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Uber is investigating a breach of its computer systems, the company said as it took several of its internal communications and engineering systems offline.

“We are currently responding to a cybersecurity incident,” the company tweeted on Friday.

The hacker compromised an employee’s official Slack account and posted a message, announcing himself and sharing that “Uber has suffered a data breach”, The Washington Post reported, citing individuals familiar with the matter.

The cyber attacker told The New York Times that he was 18 years old, and told the Post that he had broken into the company’s systems for his own entertainment. Uber employees reportedly believed the post to be a joke at first, according to reports.

The company said it is currently assessing the extent of the hack, adding that it is in touch with law enforcement and will post additional updates on Twitter as they become available.

The hacker also reportedly sent images of “email, cloud storage, and code repositories” to cybersecurity researchers and posted an “explicit image” on an internal page for employees, according to Reuters.

“This is a total compromise, from what it looks like,” security expert Sam Curry, who reportedly corresponded with the hacker claiming responsibility, told The New York Times.

The company pointed to its Twitter statement in response to The Independent’s request for comment on the extent of the breach.

This is not the first time Uber has faced a cybersecurity incident.

It came under fire for a 2016 breach that exposed the data of around 57 million drivers and passengers. Personal information such as names and phone numbers of Uber users worldwide were stolen along with the names and licence numbers of some 600,000 drivers, Uber chief Dara Khosrowshahi said.

This included records of nearly 82,000 drivers based in the UK.

The company hid the incident till 2017 and had paid hackers not to release the stolen data.

“We are changing the way we do business,” Mr Khosrowshahi had said after the company’s founder Travis Kalanick was forced out.

Following the 2016 incident, Uber was fined £385,000 by the UK Information Commissioner’s Office (ICO).

The ICO found the company guilty of a “serious breach” of UK data protection law and for showing “complete disregard” for customers and drivers whose data was stolen.